My contemplations and diurnal novelties are publicized here

Archive for the ‘Asp.net’ Category

A potentially dangerous Request.Form value was detected from the client Asp.net 4.0


Our hosting provider just upgraded the site to 4.0 and an attribute in web.config break the whole site

<httpRuntime requestValidationMode=”2.0″ executionTimeout=”360″ />

Note: – This was supposed to be there to allow page level request validation to false.

Once i remove this attribute from web.config this error occurs.


So I again added this attribute after following change.

<httpRuntime requestValidationMode=”2.0″ />

And it worked

Here is a snapshot where this attribute can be placed

<system.web>

        <machineKey validationKey=”68CF5309D106F20B5C297979F7620C8358F6A” decryptionKey=”8C8ED732A8D973B303E152BBD5F” validation=”SHA1″ />

        <customErrors defaultRedirect=”~/GeneralError.htm” mode=”On” />

        <httpRuntime requestValidationMode=”2.0″ executionTimeout=”360″ />

<pages viewStateEncryptionMode=”Never” validateRequest=”false” enableEventValidation=”false” enableViewState=”true” enableViewStateMac=”false”>

            <controls>

                <add tagPrefix=”asp” namespace=”System.Web.UI” assembly=”System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35″ />

            </controls>

        </pages>

References:-

  1. ASP.NET 4 Breaking Changes
Advertisements
%d bloggers like this: