A potentially dangerous Request.Form value was detected from the client (textboxError="<Responses><Response...")

Question

I'm using ozeki ng SMS gateway. I'm unable to send any SMS to any mobile. Please help me to send SMS through net to mobile

A potentially dangerous Request.Form value was detected from the client (textboxError=". After setting this value, you can then disable request validation by setting validateRequest="false" in the Page directive or in the configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case. For more information, see http://go.microsoft.com/fwlink/?LinkId=153133.

Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (textboxError="

AND my cs file is

using System;
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Net;
using System.Text.RegularExpressions;

public partial class _Default : System.Web.UI.Page 
{


    protected void Page_Load(object sender, EventArgs e)
    {
        textboxRecipient.Width = 400;
        textboxMessage.Width = 450;
        textboxMessage.Rows = 10;
        textboxError.Width = 400;
        textboxError.Rows = 5;

        textboxError.ForeColor = System.Drawing.Color.Red;
        textboxError.Visible = false;
        textboxError.Text = "";

        if (!Page.IsPostBack)
        {
            textboxRecipient.Text = "+441234567";
            textboxMessage.Text = "Hello World!";
        }
    }

    protected void buttonSendOnClick(object sender, EventArgs e)
    {
        //are required fields filled in:
        if (textboxRecipient.Text == "")
        {
            textboxError.Text += "Recipient(s) field must not be empty!\n";
            textboxError.Visible = true;
            return;
        }

        //we creating the necessary URL string:
        string ozSURL = "http://127.0.0.1"; //where Ozeki NG SMS Gateway is running
        string ozSPort = "9501"; //port number where Ozeki NG SMS Gateway is listening
        string ozUser = HttpUtility.UrlEncode("admin"); //username for successful login
        string ozPassw = HttpUtility.UrlEncode("admin"); //user's password
        string ozMessageType = "SMS:TEXT"; //type of message
        string ozRecipients = HttpUtility.UrlEncode(textboxRecipient.Text); //who will get the message
        string ozMessageData = HttpUtility.UrlEncode(textboxMessage.Text); //body of message

        string createdURL = ozSURL + ":" + ozSPort + "/httpapi" +
            "?action=sendMessage" +
            "&username=" + ozUser +
            "&password=" + ozPassw +
            "&messageType=" + ozMessageType +
            "&recipient=" + ozRecipients +
            "&messageData=" + ozMessageData;

        try
        {
            //Create the request and send data to Ozeki NG SMS Gateway Server by HTTP connection
            HttpWebRequest myReq = (HttpWebRequest)WebRequest.Create(createdURL);

            //Get response from Ozeki NG SMS Gateway Server and read the answer
            HttpWebResponse myResp = (HttpWebResponse)myReq.GetResponse();
            System.IO.StreamReader respStreamReader = new System.IO.StreamReader(myResp.GetResponseStream());
            string responseString = respStreamReader.ReadToEnd();
            respStreamReader.Close();
            myResp.Close();

            //inform the user
            textboxError.Text = responseString;
            textboxError.Visible = true;
        }
        catch (Exception)
        {
            //if sending request or getting response is not successful Ozeki NG SMS Gateway Server may do not run
            textboxError.Text = "Ozeki NG SMS Gateway Server is not running!";
            textboxError.Visible = true;
        }

    }
}

and my asp page is

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
    <title>Ozeki NG SMS Gateway Message Sending Example</title>
</head>
<body>
    <center>
    <form id="smsdata" runat="server">
        <asp:Table id="smstable" runat="server" style="text-align:left; border-width:thin; border-color:Silver;" BorderStyle="Solid">
            <asp:TableRow>
                <asp:TableCell ColumnSpan="2">
                    <b>Compose a message:</b>
                    <br />
                    <br />
                </asp:TableCell>
            </asp:TableRow>
            <asp:TableRow>
                <asp:TableCell HorizontalAlign="Left" VerticalAlign="Top">
                    <asp:Label ID="labelRecipient" runat="server" Text="Recipient: "></asp:Label>
                </asp:TableCell>
                <asp:TableCell>
                    <asp:TextBox ID="textboxRecipient" runat="server"></asp:TextBox>
                </asp:TableCell>
            </asp:TableRow>
            <asp:TableRow>
                <asp:TableCell HorizontalAlign="Left" VerticalAlign="Top">
                    <asp:Label ID="labelMessage" runat="server" Text="Message Text: "></asp:Label>
                </asp:TableCell>
                <asp:TableCell>
                    <asp:TextBox ID="textboxMessage" runat="server" TextMode="MultiLine"></asp:TextBox>
                </asp:TableCell>
            </asp:TableRow>
            <asp:TableRow>
                <asp:TableCell ColumnSpan="2" HorizontalAlign="Center">
                    <asp:Button ID="buttonSend" runat="server" Text="Send Message" OnClick="buttonSendOnClick" />
                </asp:TableCell>
            </asp:TableRow>
            <asp:TableRow>
                <asp:TableCell ColumnSpan="2" HorizontalAlign="Center">
                    <asp:TextBox ID="textboxError" runat="server" BorderStyle="None" TextMode="MultiLine"></asp:TextBox>
                </asp:TableCell>
            </asp:TableRow>
        </asp:Table>
    </form>
    </center>
</body>
</html>

Answer 1

Your problem is that the value of one of your fields (textboxError) includes XML- or HTML-style tags, which by default are disallowed to avoid developers introducing potential security issues within their applications.

The solution is given in the error message; you need to add validateRequest="false" in either the @Page directive at the top (omitted in your sample) or in web.config.

Note that if you're using .net 4, you need to drop back to the validation mode from 2.0, by altering web.config slightly and adding:

<system.web>
    <httpRuntime requestValidationMode="2.0" />
</system.web>

See this MSDN article on requestValidationMode for more information on requestValidationMode.

Answer 2

Your problem is that the value of one of your fields (textboxError) includes XML- or HTML-style tags, which by default are disallowed to avoid developers introducing potential security issues within their applications.

The solution is given in the error message; you need to add

  [HttpPost]
  [ValidateInput(false)]

In Controller

Answer 3

I found the following solution that enables you to only disable the validation on just one field! (i would hate to disable it for the whole page)

vb.net:

Public Class UnvalidatedTextBox
    Inherits TextBox
    Protected Overrides Function LoadPostData(postDataKey As String, postCollection As NameValueCollection) As Boolean
        Return MyBase.LoadPostData(postDataKey, System.Web.HttpContext.Current.Request.Unvalidated.Form)
    End Function
End Class

c#:

public class UnvalidatedTextBox : TextBox
{
    protected override bool LoadPostData(string postDataKey, NameValueCollection postCollection)
    {
        return base.LoadPostData(postDataKey, System.Web.HttpContext.Current.Request.Unvalidated.Form);
    }
}

Now just use <prefix:UnvalidatedTextBox id="test" runat="server" /> instead of <asp:TextBox and it should allow all chars (this is perfect for password fields!)