How to protect viewstate from tampering when it is passed over an unencrypted channel?

A view-state MAC is an encrypted version of the hidden variable that a page's view state is persisted to when the page is sent to the browser. When this property is set to true, the encrypted view state is checked to verify that it has not been tampered with on the client.

Do not set this property in code. Set the EnableViewStateMac attribute using the @ Page directive in the .aspx file. When the page is requested, the dynamically generated class sets the property.