Menu
I am using Login Control of ASP.NET in my web application. I want to show a funny type of error on a label when this exception occures System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client
it occurs when a user try to do sql injection attack or some HTML or SCRIPT operations by entering them in Username text field of Login control. I tried many things such as enclosing the authentication login in try catch block and catching the
System.Web.HttpRequestValidationException exception also doing same for an event created by me as same as onTextChange for Username TextBox. But all these tries failed. Please tell me how to check for this exception and display a nice funny message to the attacker?
328
We can resolve your reported problem (A potentially dangerous Request. Form value was detected from the client) in ASP.NET Application. To resolve your problem, we need add the validateRequest as false in pages tag and add requestValidationMode as 2.0 in Web. config file.
This error description means some one entered HTML markup or script which can be dangerous to the server.
Here are a few examples of how to provide a friendlier error msg:
http://romsteady.blogspot.com/2007/06/how-to-catch-httprequestvalidationexcep.html
How to catch HttpRequestValidationException in production
The thing you need to keep in mind is that this exception is thrown before you page code happens. So you normally cannot catch the error in your page code, but only in Application_Error.
I have not tried this myself, but this site gives a alternative way to allow your page code to execute, but still protect yourself from malicious input using the built in logic, as well as catching the exception within your own code.
53
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
