The ASP.NET team is making an important announcement regarding the September 2014 security updates.
All versions of the ASP.NET runtime 1.1 - 4.5.2 now forbid setting <%@ Page EnableViewStateMac="false" %> and <pages enableViewStateMac="false" />.
If you have set EnableViewStateMac="false" anywhere in your application, your application will be affected by this change and you should read on. Otherwise there is no action you must take, and the behavior of your application will not be affected.
In December 2013, we released a security advisory warning that the configuration setting EnableViewStateMac=false is dangerous and could allow an elevation of privilege attack against the web site. At the time Go to the complete details ...