I've been noticing random errors on a site and think I've finally got the answer... I've been receiving these "Invalid length for a Base-64 char array" or "Unable to validate data" errors from users in complete randomness. Specifically:
System.FormatException: Invalid length for a Base-64 char array.
System.Web.HttpException: The client disconnected. ---> System.Web.UI.ViewStateException: Invalid viewstate.
System.Web.HttpException: Unable to validate data.
System.Web.HttpException: The client disconnected.---> System.Web.UI.ViewStateException: Invalid viewstate.
There's no pattern. I go to the exact same page, refresh, stop, use back keys, etc... and to no avail, no error... According to other blogs and forums, they suggest turning off some security features, which was NOT an option and shouldn't be for you either. My first stop was at my system administrators office. I thought something is meddling with the viewstate. Maybe an intrusion detection or firewall setting was cleaning out some weird characters. After further investigation, nothing.
So looking through the web.config, I took a look at my http handlers. I notice I'm using the RadCompression Utility, (http://www.telerik.com/products/aspnet-ajax/compression.aspx). Apparently, this utility and other similar utilities are notorious for causing these errors. At some point, one of these handlers manipulates the viewstate incorrectly (most likely a bug in the software), that changes the viewstate by attempting to optimize it. When the viewstate is different between callbacks, you'll get on of the errors above.
What ever you do, don't disable .NET inherent security controls like event validation. These controls are there for a reason... Security should always be your #1 priority.
UPDATE: A few months later, I reproduced this problem again, but this time at home. I'm on a wireless connection, and my glorious FIOS wireless router loses connection in the middle of a page refresh.