A potentially dangerous Request.Form value was detected from the client

 08-Nov-2014   nityaprakash     ASP.NET  Error    Comments  0

I have been working this week on migration application from one webfarm infrastructure to another webfarm. Our application was earlier deployed in IIS6 based webfarm which in process of migration to IIS7 based webfarm. During this migration, I encountered couple of issue such mentioned below.

It was not occurring in previous webfarm(IIS6). I had to set validateRequest property True at page level, if required on single page.


<%@ Page Language="C#" ValidateRequest="true" AutoEventWireup="true" 

We can also setup at application level in web.config within pages tag.


<pages validateRequest="false">
      ...
</pages>
  

After migrating to new webfarm it is started to give me above error again. Because we are using tinyMCE to update/create content which has to be shown as content on a website, this validation needed to bypass. So what I added below configuration in web.config.


<httpRuntime requestValidationMode="2.0" />

In ASP.NET 4.0 request validation mode is enabled by default for all request, Request validation is applied to all ASP.NET resources in ASP.NET 4.0, not just .aspx pages. Because it is enabled before the BeginRequest phase of HTTP request. Request validation is also active when custom HTTP modules are reading the contents of an HTTP request. **As result, request validation errors might now occur for requests that previously did not trigger errors. To handle this issue we have to apply above setting in web.config. fgf


Nitya Prakash Sharma has over 10 years of experience in .NET technology. He is currently working as Senior Consultant in industry. He is always keen to learn new things in Technology and eager to apply wherever is possible. He is also has interest in Photography, sketching and painting.

My Blog
Post Comment

COMMENTS