A potentially dangerous Request.Form value was detected from the client (wresult="<trust:RequestSecuri...")

Q: How do you fix potentially dangerous request form value was detected from the client?

We can resolve your reported problem (A potentially dangerous Request. Form value was detected from the client) in ASP.NET Application. To resolve your problem, we need add the validateRequest as false in pages tag and add requestValidationMode as 2.0 in Web. config file.

Q: Is a potentially dangerous request?

ASP.NET has detected data in the request that is potentially dangerous because it might include HTML markup or script. This error description means some one entered HTML markup or script which can be dangerous to the server.

Tags:

asp.net-mvc-3

single-sign-on

wif

I am also getting a request validation error when using WIF. I get correctly sent to the STS, but on the way back, I get this validation error.

I followed all the instructions.

<httpRuntime  requestValidationMode="2.0" />

check!

    [ValidateInput(false)]

check!

<pages validateRequest="false" >

check!

I tried a custom validator, but it never gets instantiated.

Error stack:

[HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (wresult="trust:RequestSecuri...").]
   System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection) +11396740
   System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, RequestValidationSource requestCollection) +82
   System.Web.HttpRequest.get_Form() +212
   Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.IsSignInResponse(HttpRequest request) +26
   Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.CanReadSignInResponse(HttpRequest request, Boolean onPage) +145
   Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args) +108
   System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +80
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +270

Any suggestions?

233

asked Sep 30 '11 19:09

Code Silverback

2 Answers

<httpRuntime requestValidationMode="2.0"/>

after this add

<configuration>
    <system.web>
        <pages validateRequest="false" />
    </system.web>
</configuration>

also in mvc3 there is an AllowHtml attribute

[AllowHtml]
public string Property{ get; set; }

here are some useful links

ASP.NET MVC – pages validateRequest=false doesn’t work?

Why is ValidateInput(False) not working?

117

answered Oct 29 '22 13:10

Rafay

See this answer if you are running .NET 4.5 which takes advantage of an updated request validator built in to ASP.NET.

answered Oct 29 '22 15:10

roryWoods

Related questions
                            
                                Error executing child request for handler 'System.Web.Mvc.HttpHandlerUtil+ServerExecuteHttpHandlerAsyncWrapper'
                            
                                What are some scenario's of having a Session-less Controller in ASP.NET MVC3?
                            
                                The layout page "{path}" could not be found
                            
                                ValidationSummary and ValidationMessageFor with custom CSS shown when no errors present
                            
                                Accessing ninject kernel in Application_Start
                            
                                EditorFor not rendering data validation attributes without BeginForm
                            
                                How to get parent view from partial view
                            
                                What is this error in ASP.NET MVC 3 RTM Project?
                            
                                MVC 3 AuthorizeAttribute Redirect with Custom Message
                            
                                ASP.NET MVC3 project does not always publish all views/content
                            
                                Configure log4net for asp.net MVC3 project
                            
                                Could not load file or assembly ICSharpCode.SharpZipLib... When using nuGet package ExcelDataReader
                            
                                ASP.NET MVC Beta Authorize attribute sends me to wrong action
                            
                                How do I return a status code, status description and text together in MVC3?
                            
                                Radiobuttons instead of dropdownlist in mvc 3 application?
                            
                                Always output raw HTML using MVC3 and Razor
                            
                                How can I pass HTML content to a Partial View in MVC-Razor like a "for" block
                            
                                Failed to load all resources - error 500
                            
                                Problem setting an html attribute containing hyphens in ASP.NET MVC
                            
                                The version of clr.dll in the target does not match the one mscordacwks.dll was built for

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!

Donate Us With

A potentially dangerous Request.Form value was detected from the client (wresult="<trust:RequestSecuri...")

Tags:

asp.net-mvc-3

single-sign-on

wif

Code Silverback

People also ask

2 Answers

Rafay

roryWoods

Recent Activity

Donate For Us