Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

A potentially dangerous Request.Cookies value was detected from the client

Everytime when I open a Website Project/Web, Project in Visual Studio 2010 and try to run in Debug/non debug mode (F5/F11) I get this error error: "A potentially dangerous Request.Cookies value was detected from the client " .

I had installed VS 2010 SP1 a months ago, I'm not sure if it's related to this.

It happens to newly created project and existing projects. So I can't run any project.

I set the validaterequest in page and in web.config as most of the google search results sites suggested but I can't pass through this error.

Does someone know what the problem is and how to solve this problem?

SET in PAGE:
<%@ Page validateRequest="false" %>

SET in WEB.CONFIG:

<system.web>         
       <pages validateRequest="false" />     
</system.web> </br>

< /configuration>

Server Error in '/WebApp' Application.

A potentially dangerous Request.Cookies value was detected from the client (DNNPersonalization=". After setting this value, you can then disable request validation by setting validateRequest="false" in the Page directive or in the configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case. For more information, see http://go.microsoft.com/fwlink/?LinkId=153133.

Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Cookies value was detected from the client (DNNPersonalization="

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[HttpRequestValidationException (0x80004005): A potentially dangerous Request.Cookies value was detected from the client (DNNPersonalization="


Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.225

like image 343
ethem Avatar asked May 04 '11 09:05

ethem


2 Answers

Use

<system.web>
    <httpRuntime requestValidationMode="2.0" />
</system.web>

In your web.config

like image 69
Arindam Rudra Avatar answered Nov 10 '22 08:11

Arindam Rudra


You get this error when ASP.NET blocks pages from sending html tags in GET/POST arguments and cookies to prevent script injection attacks. You can either:

  1. encode arguments/not send any html tags
  2. disable request validation

You can disable request validation for the whole site by adding to Web.config:

<configuration>
    <system.web>
        <httpRuntime requestValidationMode="2.0" />
        <pages validateRequest="false" />
    </system.web>
</configuration>

To disable for a single page, add to Web.config:

<configuration>
    <system.web>
        <httpRuntime requestValidationMode="2.0" />
    </system.web>
</configuration>

and add to the .aspx page:

<%@ Page validateRequest="false" %> 

More Info: http://www.asp.net/learn/whitepapers/request-validation

like image 32
Ali Saeed Avatar answered Nov 10 '22 09:11

Ali Saeed