ASP.Net app through WebSeal is changing viewstate value

Question

I have an ASP.Net 3.5 app that needs to run on WebSeal which is a Java reverse-proxy app that re-formats URLs in the page delivered to the browser so that a URL of www.myserver.com can become www.myserver.com/newlocation/home. It looks for URLs to modify in the page and performs a string replacement to the re-directed address.

My problem is that it also does this for the __VIEWSTATE and __EVENTVALIDATION variables on the page. Since the __VIEWSTATE data looks like this on the page when it's encoded:

<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUJNzA5MTE.......

it's seen by WebSeal as a URL because it starts with a slash character and ends up coming out as this when the page is rendered:

<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/newlocation/homewEPDwUJNzA5MTE.......

This causes the viewstate data to be invalid and the page fails.

Is there a way for me to capture the viewstate value and flip it back at some point server-side? I think encrypting the viewstate could also work, but any time a slash appears leading off an INPUT tag value, this is going to happen.

Thanks for any assistance.

Answer 1

I'd suggest writing your own PageStateProvider class. See here for more information: http://msdn.microsoft.com/en-us/library/system.web.ui.pagestatepersister.aspx

You could write still write your viewstate out to a hidden field, but ensure that it always starts with a character that webseal won't interpret as a URL. Alternatively, you could just store your ViewState on the server instead (Session, Database, Velocity cache, etc).

HTH.