I can't turn off Request Validation for an ASP.NET MVC Controller

Question

I am trying to turn off Request Validation for all action methods in a controller by doing this:

[ValidateInput(false)]
public class MyController : Controller
{
    ...

The reference I am using says this is possible and tells me to do it this way, but for some reason it's not working.

If I submit any html (even a simple <b> tag) through a text box, I get the error:

A potentially dangerous Request.Form value was detected from the client (text=<b>").

It's also not working by attaching the attribute to an individual method.

How can I disable Request Validation for a controller?

EDIT

I am working in VS2008 built in test server.

Answer 1

Pro ASP.NET MVC Framework (p466) says the following is supposed to work:

public class MyController : Controller 
{
     public MyController() {
        ValidateRequest = false;
     }
}

Answer 2

I tested it on my machine, on both the class definition and the action method, and it worked for me in both cases. Are you sure your view lines up with your method/controller? Are you putting the attribute on the GET method or the POST method?

[AcceptVerbs(HttpVerbs.Post)]
[ValidateInput(false)]   
public ActionResult MyAction (int id, string content) {   
    // ...   
}

Answer 3

To make it working you need to modify web.config as well:

<system.web>
    <httpRuntime requestValidationMode="2.0"/>
    ...
</system.web>