By default, ASP.NET is configured to encrypt the View State to prevent unauthorized access when storing it in the page. The security tradeoff with enabling encryption is it will use more CPU and makes the View State larger.

If you configured your storage type to use Memory, File or Database, we strongly recommend that you disable View State encryption in the Web.config file. There is little benefit to encrypt the View State since you're not exposing it down the page. You will save some CPU cycles and keep the View State smaller by disabling the encryption. In addition, we recommend you also disable View State MAC validation since the View State is already secure and is not being transmitted down to the client.

To disable encryption, you need to edit your Web.config file to change the viewStateEncryptionMode attribute value from "Always" to "Never" and change enableViewStateMAC to "false". This change will affect the entire site for all portals.

<pages validateRequest="false" enableViewStateMac="false" enableEventValidation="true" viewStateEncryptionMode="Never">