The ASP.NET ViewState is a client side state management. ViewState is stored in hidden field with ID named __VIEWSTATE. Typically, stored ViewState information looks as below:
Now let us look at the value. It looks likes an encrypted string. This is nothing but Base64 Encoded string and it is not an encrypted string. So it can be easily decoded.
The main reasons for making it Base64 encoding are as follows:
1. Base64 makes a string suitable for HTTP transfer
2. It makes it a little harder to read .
But people often get confused that this is an encrypted string.