c# asp.net security ssl man-in-the-middle

ASP.NET and man-in-the-middle


Does ASP.NET use a mechanism for disallowing manipulation of data between client and server?

If not, does it mean we should use SSL? What kind of attacks can SSL prevent?

If yes, what is this mechanism?


Solution

  • ASP.NET uses ViewState on the client side to retain values - which is practically unbreakable. However, any web application passes (posts) data to the server via the web browser, and that data is passed in chunks of packet data using the TCP/IP protocol. This information can be easily monitored using some software to see what data is being transmitted (however, changing this data while it is being transmitted to the server seems very very difficult in real time). SSL simply encrypts the data (say, the user name and password you typed in the login box) before the browser sends it to the server; this data can still be monitored while being transmitted on TCP/IP channels, but it would be in encrypted format. Thus, secure.

    However, you can make your application secure by taking care of the points from these links:
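
An added example, not part of the original answer: a sketch of the kind of integrity check a MAC gives a round-tripped hidden field such as ViewState, where the server signs the value with a key that never leaves the server and rejects any altered copy. The `SignedField` class, its method names, the key handling and the sample state are assumptions for illustration, not ASP.NET's own implementation.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper for illustration; not ASP.NET's own ViewState code.
public static class SignedField
{
    private const int MacLength = 32; // HMAC-SHA256 output size in bytes
    // Returns base64(payload || HMAC-SHA256(key, payload)) for a hidden form field.
    public static string Protect(string state, byte[] key)
    {
        byte[] payload = Encoding.UTF8.GetBytes(state);
        using (var hmac = new HMACSHA256(key))
        {
            byte[] mac = hmac.ComputeHash(payload);
            byte[] blob = new byte[payload.Length + mac.Length];
            Buffer.BlockCopy(payload, 0, blob, 0, payload.Length);
            Buffer.BlockCopy(mac, 0, blob, payload.Length, mac.Length);
            return Convert.ToBase64String(blob);
        }
    }
    // Returns true and the state only if the MAC verifies; any altered byte fails.
    public static bool TryUnprotect(string field, byte[] key, out string state)
    {
        state = null;
        byte[] blob;
        try { blob = Convert.FromBase64String(field); } catch (FormatException) { return false; }
        if (blob.Length < MacLength) return false;
        int n = blob.Length - MacLength; // length of the payload that precedes the MAC
        using (var hmac = new HMACSHA256(key))
        {
            byte[] expected = hmac.ComputeHash(blob, 0, n);
            int diff = 0; // compare all bytes so timing does not reveal the first mismatch
            for (int i = 0; i < MacLength; i++) diff |= expected[i] ^ blob[n + i];
            if (diff != 0) return false;
        }
        state = Encoding.UTF8.GetString(blob, 0, n);
        return true;
    }

    public static void Main()
    {
        byte[] key = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(key); // constructed server-side key
        string field = Protect("role=user;qty=3", key);                    // constructed sample state
        // Simulate a field modified between client and server by changing one character.
        string altered = field.Substring(0, 4) + (field[4] == 'A' ? 'B' : 'A') + field.Substring(5);
        Console.WriteLine(TryUnprotect(field, key, out string original));
        Console.WriteLine(TryUnprotect(altered, key, out string tampered));
    }
}
```

A MAC of this kind detects modification of the one signed field only: the value stays readable to anyone who can see the traffic, and ordinary form fields, cookies and credentials remain unprotected in transit without SSL/TLS.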