Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

A potentially dangerous Request.Form value was detected from the client (wresult="<trust:RequestSecuri...")

Tags:

asp.net-mvc-3

single-sign-on

wif

I am also getting a request validation error when using WIF. I get correctly sent to the STS, but on the way back, I get this validation error.

I followed all the instructions. 

<httpRuntime  requestValidationMode="2.0" />

check!

    [ValidateInput(false)]

check!

<pages validateRequest="false" >

check!

I tried a custom validator, but it never gets instantiated.

Error stack:

[HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (wresult="trust:RequestSecuri...").]
   System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection) +11396740
   System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, RequestValidationSource requestCollection) +82
   System.Web.HttpRequest.get_Form() +212
   Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.IsSignInResponse(HttpRequest request) +26
   Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.CanReadSignInResponse(HttpRequest request, Boolean onPage) +145
   Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args) +108
   System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +80
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +270

Any suggestions?

like image 233
Code Silverback Avatar asked Sep 30 '11 19:09

Code Silverback

People also ask

How do you fix potentially dangerous request form value was detected from the client?

We can resolve your reported problem (A potentially dangerous Request. Form value was detected from the client) in ASP.NET Application. To resolve your problem, we need add the validateRequest as false in pages tag and add requestValidationMode as 2.0 in Web. config file.

Is a potentially dangerous request?

ASP.NET has detected data in the request that is potentially dangerous because it might include HTML markup or script. This error description means some one entered HTML markup or script which can be dangerous to the server.

2 Answers

<httpRuntime requestValidationMode="2.0"/>

after this add

<configuration>
    <system.web>
        <pages validateRequest="false" />
    </system.web>
</configuration>

also in mvc3 there is an AllowHtml attribute

[AllowHtml]
public string Property{ get; set; }

here are some useful links

ASP.NET MVC – pages validateRequest=false doesn’t work?

Why is ValidateInput(False) not working?

like image 117
Rafay Avatar answered Oct 29 '22 13:10

Rafay

See this answer if you are running .NET 4.5 which takes advantage of an updated request validator built in to ASP.NET.

like image 30
roryWoods Avatar answered Oct 29 '22 15:10

roryWoods
Sign in to Comment

Related questions

Error executing child request for handler 'System.Web.Mvc.HttpHandlerUtil+ServerExecuteHttpHandlerAsyncWrapper'
What are some scenario's of having a Session-less Controller in ASP.NET MVC3?
The layout page "{path}" could not be found
ValidationSummary and ValidationMessageFor with custom CSS shown when no errors present
Accessing ninject kernel in Application_Start
EditorFor not rendering data validation attributes without BeginForm
How to get parent view from partial view
What is this error in ASP.NET MVC 3 RTM Project?
MVC 3 AuthorizeAttribute Redirect with Custom Message
ASP.NET MVC3 project does not always publish all views/content
Configure log4net for asp.net MVC3 project
Could not load file or assembly ICSharpCode.SharpZipLib... When using nuGet package ExcelDataReader
ASP.NET MVC Beta Authorize attribute sends me to wrong action
How do I return a status code, status description and text together in MVC3?
Radiobuttons instead of dropdownlist in mvc 3 application?
Always output raw HTML using MVC3 and Razor
How can I pass HTML content to a Partial View in MVC-Razor like a "for" block
Failed to load all resources - error 500
Problem setting an html attribute containing hyphens in ASP.NET MVC
The version of clr.dll in the target does not match the one mscordacwks.dll was built for

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!