Setting the ViewStateUserKey property can help you prevent attacks on your application from malicious users. It does this by allowing you to assign an identifier to the view-state variable for individual users so that they cannot use the variable to generate an attack. For more information about Web attacks and about what you can do to help prevent them, see Take Advantage of ASP.NET Built-in Features to Fend Off Web Attacks.
You can set this property to any string value, such as the user's authenticated name or the SessionID value.
You must set this property during the Page_Init phase of page processing. Setting this property during the Page_Load phase throws an exception.