asp.net consultancy chorley ASP.NET Server Side Scripting Wigan
Website Development Radcliffe

IT Services And Support

Email : ren@techsolus.co.uk
Mobile Phone : 0788 68 41 411
Answerphone : 01204 469683
bespoke invoice systems Standish Information Technology Advice Worsley
    development systems Ramsbottom
data manipulation Farnworth access databases Whitefield SQL connections Atherton
online accessible software Leyland software compatible Coppull


Get connected and Online Tottington
remote management Makerfield code and design Aspull

ASP.Net 4 ValidateRequest False Error to Solution - 06/03/2013

You've a happy little asp.net 2.0 app/page whatever workking fine.  Part of that program has a web page that allows you to upload HTML.  Of course when you first wrote this asp.net complained bitterly that you can't upload ANY html because it's very naughty and it's likely to be evil hackers trying to take over your website, server and the world. You know it's not so you put in the page directive ValidateRequest = "False"

<% @ Page Language = "vb" validateRequest = "false" debug = "true" %>

Everything works fine.  Then one day you have cause to move your server...hosting...settings to ASP.Net 4 or up.  Your working page no longer works, you receive the warning that evil forces are at work and the end of the world is nigh, even though you know it's not.  The ValidateRequest is no longer working. The solution is to enter this into your WEB.CONFIG file...

<location path="myfolder/mypage.aspx">
 <system.web> 
  <httpRuntime requestValidationMode="2.0" />
 </system.web>
</location>

What you're asking here is for the particular page to be validated using the old style 2.0 method. That's all you NEED to know...

Just in case you're wondering, basically the old 2.0 would get the data off the user, the request, then look at the code to decide whether or not it validates the request or not.  This is dodgy because the request is already "in the system" and if it's nasty then it's already half-way-in.  4.0 sorta checks the request long before it even looks at the page's code to process it.  It shuts the doors before it gets any further.  So by the time the page loads and says"Don't bother shutting the door" it's too late, the request has already errored out and dropped. 

The web config just tells 4.o that for the page listed be sure to process things the old 2.0 way, IE check the code before ya bomb out to see if you want it validating.  It's more of a workaround really...

Post A Comment

Name Comment
programming services asp.net specialist
Valid XHTML 1.0 Transitional
Admin
GD