ViewStateUserKey to prevent XSRF (CSRF or cross-site request forgery) in ASP.NET

ViewStateUserKey has been around for many years and is an easy solution to prevent the infamous XSRF or cross-site request forgery class of attack.

It's documented:

ViewStateUserKey mitigates XSRF by including a unique identifier in the user's request.

This protection mechanism has been available for many years when Microsoft identified the one-click attack, now more commonly referred to as XSRF.