Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How do I disable request validation without setting RequestValidationMode to 2.0?

Tags:

c#

.net

asp.net

request-validation

requestvalidationmode

We've just upgraded to ASP.NET 4.0, and found that requestValidation no longer works. The MSDN docs suggest we need to set requestValidationMode in web.config to 2.0:

  • 4.0 (the default). The HttpRequest object internally sets a flag that indicates that request validation should be triggered whenever any HTTP request data is accessed. This guarantees that the request validation is triggered before data such as cookies and URLs are accessed during the request. The request validation settings of the pages element (if any) in the configuration file or of the @ Page directive in an individual page are ignored.
  • 2.0. Request validation is enabled only for pages, not for all HTTP requests. In addition, the request validation settings of the pages element (if any) in the configuration file or of the @ Page directive in an individual page are used to determine which page requests to validate.

This will work for us, however I'm a little puzzled. It seems that we're putting this into a legacy/compatibility mode. Surely it should be possible to have the 4.0 behaviour, but still have an option to turn this off on a page?

like image 212
Danny Tuppeny Avatar asked Oct 12 '11 13:10

Danny Tuppeny

2 Answers

I found a way to achieve this without changing RequestValidationMode to 2.0 to the whole site:

You can crate a sub-directory for the page you want to disable the request validation and add a new web.config to this directory with RequestValidationMode set to 2.0, this way only this directory will work in 2.0 mode without affecting all other requests that will work in 4.0 mode.

I think you can add an location section to your main web.config specifying only one page, but I didn't tested this yet. Something like this:

<location path="Admin/Translation.aspx">
    <system.web>
        <httpRuntime requestValidationMode="2.0"/>
    </system.web>
</location>

Hope it helps you as helped me !

like image 60
Jeison Souza Avatar answered Oct 09 '22 07:10

Jeison Souza

Your best bet is to override the requestValidationType with your own code:

<httpRuntime requestValidationType="YourNamespace.YourValidator" />

MSDN link

like image 32
Scott R. Frost Avatar answered Oct 09 '22 07:10

Scott R. Frost
Sign in to Comment

Related questions

How to determine whether a .NET exception is being handled?
Detecting a control's focus in Silverlight
C# Interfaces- only implement an interface in other interfaces
What is the advantage of Currying in C#? (achieving partial function)
Iterator blocks and inheritance
C# Hiding, overriding and calling function from base class
Why have all static methods/variables in a non-static class?
Removing the Title bar of external application using c#
How to add enum values to a list
Best way to convert Stream (of unknown length) to byte array, in .NET?
How do I take the "top n" using NHibernate Criteria API?
How to limit I/O operations in .NET application?
Preventing OutOfMemoryException with GC.AddMemoryPressure()?
What does <%# DataBinder.Eval(Container.DataItem,"ColumnName") %> in the Item Template do exactly?
Send Message in C#
C# .net - Web Camera Image Capture [closed]
C# to VB.NET: the **default** keyword? [duplicate]
MemoryCache.Add returns true but does not add item to cache
Find Certificate by hash in Store C#
Integrating Facebook chat

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!