Today's Question:  What are you most afraid of as a programmer?        GIVE A SHOUT

Technical Article => Web =>  ASP.NET

ASP.NET 4 Breaking Changes #1: requestValidationMode cause ValidateRequest=False to fail

  kwanann      2011-11-07 13:50:29      4,143    0    0

The request validation feature in ASP.NET provides a certain level of default protection against cross-site scripting (XSS) attacks. In previous versions of ASP.NET, request validation was enabled by default. However, it applied only to ASP.NET pages (.aspx files and their class files) and only when those pages were executing.

In ASP.NET 4, by default, request validation is enabled for all requests, because it is enabled before the BeginRequest phase of an HTTP request. As a result, request validation applies to requests for all ASP.NET resources, not just .aspx page requests. This includes requests such as Web service calls and custom HTTP handlers. Request validation is also active when custom HTTP modules are reading the contents of an HTTP request.

As a result, request validation errors might now occur for requests that previously did not trigger errors. To revert to the behavior of the ASP.NET 2.0 request validation feature, add the following setting in the Web.config file: <httpRuntime requestValidationMode=”2.0″ />

IMPORTANT:

Because this is now in the BeginRequest phase of a HTTP request, pages with validationRequest=”false”  will still get the dreaded message. The only way is to

  1. Set requestValidationMode=”2.0″ in which case the page setting will apply
  2. Ignore requestValidationMode setting and create your own requestvalidator and change your web.config to use the custom validator (Click here to view how to do it)
P.S From Pixelstech.net editor:
The line of code <httpRuntime requestValidationMode=”2.0″ /> should be put between <system.web> and </system.web>.

Source:http://jefferytay.wordpress.com/2010/04/15/asp-net-4-breaking-changes-1-requestvalidationmode-cause-validaterequestfalse-to-fail/

ASP.NET HTML CONTENT ERROR VALIDATEREQUEST REQUESTVALIDATIONMODE

  SAVE AS PDF   MARK AS READ   MARK AS IMPORTANT

Share on Facebook  Share on Twitter  Share on Google+  Share on Weibo  Share on Reddit  Share on Digg  Share on Tumblr    Delicious

  RELATED


  0 COMMENT


No comment for this article.


  WRITE ARTICLE

When dealing with spaghetti code

By sonic0002