[Beef brisket] How to turn off request validation for .NET Framework 4.0

Source: Internet
Author: User

While coding the Beef brisket project, I clicked Run and got the prompt: "A potentially dangerous Request.Form value was detected from the client". I felt that the code I had typed was not the problem, so I started checking various things. Below I share what I found.


Why is this error reported?


In a web application, it is essential to constrain and validate user input in order to block attacks that rely on malicious input strings. Cross-site scripting is one example of this type of attack. Other kinds of malicious or unwanted data can be passed in through the various forms of input in a request. By restricting the types of data that are allowed at a lower level of the application, you can block unwanted input even when the programmer writing the page code does not use the appropriate validation techniques correctly.


This exception is thrown when request validation detects potentially malicious client input and aborts request processing. An aborted request can indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. The above is the system error message. The reason is that, in ASP.NET 1.1, when the ValidateRequest property on the @Page directive is enabled, the request is checked to make sure the user is not sending potentially dangerous HTML markup in the query string, cookies, or form fields. If such markup is detected, an exception is thrown and the request is aborted. This property is turned on by default, so you are protected without taking any action. If you want to allow HTML tags to pass, you must actively disable this property.


What is request validation?


validateRequest="false" turns off request validation.
requestValidationMode has two values:
2.0: request validation is enabled for Web pages only. Whether it is on or off depends on validateRequest.
4.0: the default value. Request validation is enabled for every HTTP request, which means not just Web pages but also cookies and so on. In this mode validation is enforced regardless of the validateRequest value.


How do I resolve this error?


The request validation feature in ASP.NET provides a level of protection against XSS attacks. In previous versions of ASP.NET, request validation was enabled by default, but it applied only to ASP.NET pages (.aspx files and their .aspx.cs class files).
In ASP.NET 4, request validation is enabled by default for all types of requests, because it starts before BeginRequest is called. As a result, requests for all resources are validated, not just requests for .aspx files and their class files; this even includes Web services and custom HttpHandlers. Similarly, the request is also validated when a custom HttpModule reads the contents of an HTTP request. Because requestValidationMode="4.0" is enforced, we will find that setting validateRequest alone in .NET Framework 4.0 does not turn off request validation; requestValidationMode must also be set to 2.0.

So we should set the following properties in the configuration file:

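<system.web>
  <compilation debug="true" targetFramework="4.0" />
  <!-- Revert to the 2.0 behaviour so that the validateRequest setting is honored -->
  <httpRuntime requestValidationMode="2.0" />
  <!-- Turn off request validation for pages -->
  <pages validateRequest="false"></pages>
</system.web>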
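
A defensive check to go with this setting (an added example, not code from the original article): the Python sketch below reads a web.config and reports, for the site and for each <location> override, whether request validation is actually off, following the 2.0/4.0 rules described above. The sample XML, the path Editor.aspx and the function names are constructed for illustration; nested <location> inheritance and XML namespaces are not modelled.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the article's site-wide settings plus a page-scoped
# <location> override. "Editor.aspx" is an invented path.
SAMPLE = """<configuration>
  <system.web>
    <httpRuntime requestValidationMode="2.0" />
    <pages validateRequest="false" />
  </system.web>
  <location path="Editor.aspx">
    <system.web><pages validateRequest="true" /></system.web>
  </location>
</configuration>"""

def _attr(section, element, name, default):
    """Read an attribute case-insensitively; fall back to the inherited value."""
    node = section.find(element) if section is not None else None
    if node is not None:
        for key, value in node.attrib.items():
            if key.lower() == name.lower():
                return value.strip().lower()
    return default

def audit(config_xml):
    """Return {scope: status} for the site and each <location> override."""
    root = ET.fromstring(config_xml)
    site = root.find("system.web")
    # ASP.NET 4 defaults: 4.0 mode with page validation switched on.
    mode0 = _attr(site, "httpRuntime", "requestValidationMode", "4.0")
    flag0 = _attr(site, "pages", "validateRequest", "true")
    scopes = [("site-wide", mode0, flag0)]
    for loc in root.findall("location"):
        sec = loc.find("system.web")
        scopes.append((loc.get("path", "."),
                       _attr(sec, "httpRuntime", "requestValidationMode", mode0),
                       _attr(sec, "pages", "validateRequest", flag0)))
    report = {}
    for scope, mode, flag in scopes:
        legacy = float(mode) < 4.0  # values below 4.0 select the 2.0 behaviour
        if flag == "false" and legacy:
            report[scope] = "DISABLED"
        elif flag == "false":
            report[scope] = "enabled (validateRequest=false ignored in 4.0 mode)"
        elif legacy:
            report[scope] = "enabled for pages only (2.0 mode)"
        else:
            report[scope] = "enabled"
    return report

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Any scope reported as DISABLED is one where the pages have to validate input and encode output themselves.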

Copyright notice: This is the blogger's original article and may not be reproduced without the blogger's permission.
