Hi,

I have a simple aspx page contain a form to submit to server.
When I open the page in IE and view the source, I see there is a VIEWSTATE hidden input with some value. I know it is the saved state of the control in my form.
I save the code as HTML, and modify the VIEWSTATE value and re-submit the form to server, and I go the following error:

[FormatException: Invalid character in a Base-64 string.]
System.Convert.FromBase64String(String s) +0
System.Web.UI.LosFormatter.Deserialize(String input) +25
System.Web.UI.Page.LoadPageStateFromPersistenceMedium() +102

[HttpException (0x80004005): Invalid_Viewstate
Client IP: 10.10.18.237
Port: 3226
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)
ViewState: avsdsgdfg;;;dDw2MTM1NjE........BmTEJ6Kxa+Lftpa0dNghkUUHc=
Http-Referer:
Path: /test/testpage.aspx.]
System.Web.UI.Page.LoadPageStateFromPersistenceMedium() +447
System.Web.UI.Page.LoadPageViewState() +18
System.Web.UI.Page.ProcessRequestMain() +447

I would like to know, how can I catch such exception and re-direct user to a custom error page instead?

Or, more general, is it possible to redirect user to a custom error page when there is an unhandled exception?

Why I do so is because some hacker may intentionally modify the page in this way in order to discover extra system information, and I need to prevent this from happening.

Thx a lot!