Disabling ASP.NET Request Validation (for just one page) in a .NET 3.5 project hosted on IIS 7.5 with only .NET 4.0 installed

时间秒杀一切 提交于 2019-12-08 07:11:10

问题


I'm having a problem with request validation in ASP.NET webforms that I am fairly sure is down to me hosting a .NET 3.5 project on IIS 7.5 (Windows 7 - local development machine).

Essentially I'm receiving a postback from an external site (that is entirely outside of my control) and receiving the following exception:

A potentially dangerous Request.QueryString value was detected from the client (DATA="<IDP MSGTYPE="Authen...").

I've got this set in the page declaration:

<%@ page language="C#" autoeventwireup="true" inherits="postexternal" enableviewstate="false" masterpagefile="~/SiteBase/transactional.master" Codebehind="postexternal.aspx.cs" validaterequest="false" %>

(and additionally I've tried turning it off in web.config/page as well - to no avail.

I think that this may be to do with a breaking change made in (what MS say) ASP.NET 4.0, as described here: http://www.asp.net/learn/whitepapers/aspnet4/breaking-changes#0.1__Toc256770147

But if I add that configuration into my web.config I get a configuration error (as its running in a .NET 2.0 application pool).

Whichever way I look I'm stuck at the moment so would appreciate any pointers/advice people have. Is there anyway I can work around this any other way?). I could try to install .NET 2.0 but I'm not sure that is even going to work (and seems a pretty fragile method to try).

Thanks.


回答1:


I had this issue too and adding this to the web.config resolved the issue.

<httpRuntime requestPathInvalidCharacters="" />

By Default, .Net 4.0 rejects all requests with <>*%&:\? characters which may be causing the issue for you like it was for me.

[ConfigurationProperty("requestPathInvalidCharacters", DefaultValue=@"<,>,*,%,&,:,\,?")]
public string RequestPathInvalidCharacters { get; set; }



回答2:


You can find a solution on tihs page : https://msdn.microsoft.com/en-us/library/hh882339.aspx

or just update your web.config file after system.web tag with this :

</system.web>
<location path="MyPage.aspx">
    <system.web>
        <pages validateRequest="false" />
        <httpRuntime requestValidationMode="2.0" />
    </system.web>
</location> 


来源:https://stackoverflow.com/questions/5910605/disabling-asp-net-request-validation-for-just-one-page-in-a-net-3-5-project-h

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!