Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How can Request Validation be disabled for HttpHandlers?

Tags:

validation

asp.net

request

httphandler

Is it possible to disable request validation for HttpHandlers?

A bit of background - I've got an ASP.NET web application using an HttpHandler to receive the payment response from WorldPay. The IIS logs show that the handler is being called correctly from WorldPay, but the code inside the handler is never called.

If I create a physical ASPX page and set ValidateRequest=false in the header, and put the same code in the Page_Load method, the code is called without any problems.

This solves the problem, though I'd prefer to stick with using an HttpHandler for this as it's better suited for this type of functionality, rather than having an empty ASPX page, though this is dependent on being able to disable request validation.

The web application is using ASP.NET 2.0 and the server is IIS6.

like image 684
Mun Avatar asked Aug 26 '09 04:08

Mun

People also ask

Which attribute can be used to disable request validation for a property?

You can disable request validation by setting validateRequest=false in the Page directive or in the configuration section.

How can you bypass the validation of ASP.NET controls?

To disable a validation controlSet the validation control's Enabled property to false.

What is request validation mode?

Request validation is a feature in ASP.NET that examines an HTTP request and determines whether it contains potentially dangerous content. In this context, potentially dangerous content is any HTML markup or JavaScript code in the body, header, query string, or cookies of the request.

How are httpHandlers gets configured?

To create a custom HTTP handler, you create a class that implements the IHttpHandler interface to create a synchronous handler. Alternatively, you can implement IHttpAsyncHandler to create an asynchronous handler. Both handler interfaces require that you implement the IsReusable property and the ProcessRequest method.

1 Answers

it is quite easy. Change the following snippet to match the handler path and add in your web.config: 

<configuration>
  ....
  <location path="YOUR HANDLER PATH" allowOverride="true">
    <system.web>
      <httpRuntime requestValidationMode="2.0" />
      <pages validateRequest="false" />
    </system.web>
  </location>
</configuration>
like image 75
giammin Avatar answered Oct 04 '22 04:10

giammin
Sign in to Comment

Related questions

How does preCondition="managedHandler" work for modules?
How to resolve Web API Message Handler / DelegatingHandler from IoC container on each request
Is it possible to make separate dlls with MVC project?
Kestrel webserver for Asp.Net Core - does it recycle / reload after some time
ASP NET Core 2 with Full Framework
Is specifying the listening HTTP port via UseUrls the correct way?
Issues with Long Paths using .NET 4.6.2 on a web application
ASP.NET Core 2.1 Preview 2 App Not working on Azure App Service
Quickest way to get Scaffold code created with C#/ASP.NET
How to send HTTP Auth Credentials with a WCF Service Reference
Debug Toolbar for ASP.NET
How to inspect cache policies inside System.Runtime.Caching.ObjectCache?
Why is the content-range header stripped from requests in ASP.NET Web API?
Process.Start() under asp.net?
Difference between viewstate and controlstate
How should I implement OAuth for an application? [closed]
What are the possible causes for IIS to throw a ThreadAbortException and recycle the worker, with IIS logging "IIS configuration change"?
AllowAnonymous Attribute not working on Web API controller
Is it possible to create a DbContext Interface or abstract class and use it to inject different DbContext Objects?
How to HTTPS (SSL) with self-hosted ASP.NET Core 2 app (httpsys)

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!