ASP.NET Viewstate handling

You can “tamper-proof” your viewstate to reduce the likelihood
of someone trying to spoof your application by setting the
EnableViewStateMAC attribute. If necessary you can
encrypt it too.

However, by default, ASP.NET creates a random validation key and
stores it in each server’s Local Security Authority (LSA). In order
to validate a ViewState field created on another server, the
validationKey for both servers must be set to the same
value. If you secure ViewState by any of the means listed above for
an application running in a Web Farm configuration, you will need
to provide a single, shared validation key for all of the

The article

Q313091 HOW TO: Create Keys by Using Visual Basic .NET for Use in
Forms Authentication
 shows how to generate keys for use in
the validationKey and the
decryptionKey attributes of the <machineKey>
section in the <system.web> element in the
Machine.config and the Web.config files.