What is ViewState? How is it encoded? Is it encrypted? Who uses ViewState?

View state is a kind of hash map (or at least you can think of it that way) that ASP.NET uses to store all the temporary information about a page - like what options are currently chosen in each select box, what values are there in each text box, which panel are open, etc. You can also use it to store any arbitrary information.

The entire map is serialized and encrypted encoded and kept in a hidden variable that's posted back to the server whenever you take any action on the page that requires a server round trip. This is how you can access the values on the controls from the server code. If you change any value in the server code, that change is made in the view state and sent back to the browser.

Just be careful about how much information you store in the view state, though... it can quickly become bloated and slow to transfer each time to the server and back.

As for encryption, I dont' know how strong it is, but its sure not easily human readable. I wouldn't use it for sensitive information, though. As pointed out in the comments, it's not encrypted at all. Just base encoded, which easily reversible.

If you really want to understand ViewState (not just what it is used for), then you may want to read this fabulous article (which I, unfortunately, am not the author of :-). Beware, though, it is a bit dated, but still a very good read.

It is a hidden field generated by ASP.NET that contains information about all the controls on the page. Ideally the view state should not need to be encrypted, as it should never contain sensitive information. To indicate that the view state should be encrypted, set the <machineKey> element's validation attribute in the machine.config file to 3DES. There's a nice article on MSDN describing ViewState.