Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Strange ValidateInputIfRequiredByConfig error

Tags:

asp.net

asp.net-mvc

asp.net-mvc-3

I'm getting random exception caused by ValidateInputIfRequiredByConfig().

I don't have exact message, since our server is pt-BR, so error message is translated.

I know that this error can be thrown if user puts malicious code in input, ie example. But it's not case here.

I'm getting this one, requesting some images. Below some info from elmah.

HTTP_USER_AGENT:    GbPlugin
PATH_INFO:          /Content/images/BannerWelcome.jpg?1110311762734
PATH_TRANSLATED:    C:\inetpub\wwwroot\Content\images\BannerWelcome.jpg?1110311762734
REQUEST_METHOD:     GET
SCRIPT_NAME:        /Content/images/BannerWelcome.jpg?1110311762734

Application is ASP.NET MVC 3, running on Windows 2008, IIS 7.5

EDIT:

Exception message in pt-BR:

System.Web.HttpException
Um valor possivelmente perigoso Request.Path foi detectado no cliente (?).

System.Web.HttpException (0x80004005): Um valor possivelmente perigoso Request.Path foi detectado no cliente (?).
   em System.Web.HttpRequest.ValidateInputIfRequiredByConfig()
   em System.Web.HttpApplication.PipelineStepManager.ValidateHelper(HttpContext context)

EDIT:

Exception message in English: "A potentially dangerous value was detected from the client Request.Path"

EDIT 2:

I can't reproduce this error. As I know it is just in request to this image.

like image 204
Zote Avatar asked Nov 14 '11 16:11

Zote

2 Answers

<pages validateRequest="false" />

does not work in MVC3.

1) You have to explicitly put [ValidateRequest(false)] on each controller or action

2) If you use .NET4 this is not sufficient as there is a "bug/feature" in .NET4 which prevent [ValidateInput(false)] to work. You have to also disable requestPathInvalidCharacters,validateRequest and requestFiltering by using requestValidationMode of 2.0 :

<httpRuntime requestValidationMode="2.0" requestPathInvalidCharacters="" />
like image 185
Softlion Avatar answered Nov 12 '22 10:11

Softlion

I made three changes to solve this issue:

1) 

<system.web>
    <httpRuntime requestValidationMode="2.0" requestPathInvalidCharacters="" />
     </system.web>

2) 

<system.webServer>      
    <security>  <requestFiltering allowDoubleEscaping="true" /> </security>
    </system.webServer>

3) <pages validateRequest="false" />

like image 22
charles Avatar answered Nov 12 '22 09:11

charles
Sign in to Comment

Related questions

How do modern implementations of Comet/Reverse AJAX work? Any stable C# WCF or ASP.NET implementations?
Static compression in IIS does not work for htm, js files
Embedded dll resources
How to create rich domain objects while maintaing persistence ignorance?
__dopostback not working as expected
Visual Studio localhost prompting for login
ASP.NET Request.ClientCertificate returning empty on IIS 7
Can I use HTML5 WebSockets for tasks usually accomplished with AJAX?
WebForms page inside of Orchard CMS Application
Global Variables vs. ASP.NET Session State
How can I see what's in my HttpContext.Cache
Click anywhere on a GridView row to enter the edit mode
Why should I choose Crystal Report or SSRS over plain HTML table?
Delete selected parent node and child nodes - Collection was modified; enumeration operation may not execute [duplicate]
Two way databinding in ASP.NET
OutputCache.VaryByHeader is not generating a Vary header in the response
CacheDependency from 2 or more other cache items. (ASP.NET MVC3)
Where does the MVC3 default template store user-account information?
Force Full Postback programmatically from UpdatePanel
ResolveUrl/Url.Content Equivalent in Classic Asp

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!