So you're getting what you expect even with an invalid ViewState? And a 302 indicates a good auth? What does a bad auth do?
This is preliminary, but here's a slight modification to the sample external monitor in /config/monitors/sample_monitor:
!/bin/sh
these arguments supplied automatically for all external pingers:
$1 = IP (::ffff:nnn.nnn.nnn.nnn notation or hostname)
$2 = port (decimal, host byte order)
$3 and higher = additional arguments
pidfile="/var/run/$MONITOR_NAME.$1..$2.pid"
if [ -f $pidfile ]
then
kill -9 -`cat $pidfile` > /dev/null 2>&1
fi
echo "$$" > $pidfile
node_ip=`echo $1 | sed 's/::ffff://'`
response=`curl -s http://$node_ip:$2/redir.php -d "test=1234&foo=bar" -w "%{http_code}"`
if [ $response -eq 302 ]
then
rm -f $pidfile
echo "up"
fi
rm -f $pidfile
This simply looks at the return code (302) from the response. It can, and probably should be more elaborate that this.
Where does the logon page get the ViewState value by the way?