Encrypting your ViewState in ASP.NET 2.0
In the previous release of ASP.NET, the page developer could turn encryption on and off at the application level through a config setting. When validation was set to 3DES, ViewState was encrypted before being rendered in the page. To reduce the chance of someone intercepting the information stored in the ViewState, it is good design to encrypt the ViewState. You could do this in previous releases of ASP.NET, but the support for encryption has been improved in ASP.NET 2.0, allowing you to set this on a page-by-page basis.