If your applications use view state, make sure it is protected with message authentication codes (MACs) to ensure it is not modified at the client. View state and MAC protection can be enabled or disabled for all applications on the machine using the <pages> element in Machine.config.
By default, the enableViewStateMac attribute on the <pages> element in Machine.config ensures that view state is protected with a MAC.
<pages buffer="true" enableSessionState="true" enableViewState="true" enableViewStateMac="true" autoEventWireup="true" validateRequest="true"/>
If you use view state, make sure that enableViewStateMac is set to true. The <machineKey> element defines the algorithms used to protect view state.