30

When I trying to send form containing value with xml, I get HttpRequestValidationException:

A potentially dangerous Request.Form value was detected from the client

All approaches I found:

  1. <%@ Page ValidateRequest="false" %> in .aspx-file.
  2. <pages validateRequest="false" /> in web.config.
  3. [ValidateInput(false)] on controller's action.

don't help me.

Hope for any advice.

50 accepted

This is a documented breaking change in ASP.NET 4. See this whitepaper for more information. In short, add this in your system.web section of ~\Web.config:

<httpRuntime requestValidationMode="2.0" />

And remember to put [ValidateInput(false)] on controllers / actions you don't want to go through validation.

1

I Applied all the above but still I'm getting the same error.I'm using asp.net web forms 4.0

0

Is there any way to handle this without go back to 2.0?

0

Same problem using UrlEncoding for a search url. Server.UrlEncoding() adds plus (+) sign to string spaces. Strangely works, with the same settings on my local IIS (on Windows 7 X64). The server is Windows 2008 x64 with IIS 7.0.

0

I have included the line in my web.config file but still see the validation error for ASP.NET4 web forms.

0

The problem I had was that I was linking to a file that had a special character in the name, i.e. "&". Once I removed the & it worked fine. I guess look for special characters.

0

Does it matter where exactly I paste this line:

<httpRuntime requestValidationMode="2.0" />

If it does, where should it be?