It sounds like you're using an ancient version of .NET Framework - beginning with .NET 4.5.2, released in December 2013, the ViewState field(s) are encrypted and protected with a Message Authentication Code. And a patch released in September 2014 set ASP.NET to ignore the
EnableViewStateMac
setting and use the ASP.NET 4.5.2 encryption settings in all versions of ASP.NET going back to ASP.NET 1.1.
So if you are still able to tamper with the ViewState, that suggests your server is at least 10 years behind on its security patches. Which means you have much bigger problems to deal with!
Secure ASP.NET ViewState - .NET Blog[
^]