How do I disable request validation without setting RequestValidationMode to 2.0?

邮差的信 提交于 2019-12-04 23:09:28

I found a way to achieve this without changing RequestValidationMode to 2.0 to the whole site:

You can crate a sub-directory for the page you want to disable the request validation and add a new web.config to this directory with RequestValidationMode set to 2.0, this way only this directory will work in 2.0 mode without affecting all other requests that will work in 4.0 mode.

I think you can add an location section to your main web.config specifying only one page, but I didn't tested this yet. Something like this:

<location path="Admin/Translation.aspx">
    <system.web>
        <httpRuntime requestValidationMode="2.0"/>
    </system.web>
</location>

Hope it helps you as helped me !

Your best bet is to override the requestValidationType with your own code:

<httpRuntime requestValidationType="YourNamespace.YourValidator" />

MSDN link

It appears that it is not possible to turn this on or off for a page in requestValidationMode 4.0.

This whitepaper outlines breaking changes in .Net 4.0, of which this seems to be one. Even the whitepaper suggests reverting back to requestValidationMode 2.0

To revert to the behavior of the ASP.NET 2.0 request validation feature, add the following setting in the Web.config file:

<httpRuntime requestValidationMode="2.0" />

Although it also helpfully recommends

that you analyze any request validation errors to determine whether existing handlers, modules, or other custom code accesses potentially unsafe HTTP inputs that could be XSS attack vectors.

without giving any guidance on how best to resolve these issues

Rajeev Shenoy

You can set ValidateRequest to false in the page directive:

<%@ Page ValidateRequest="false" %>
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!