Web Forms :: Keep The 4.0 Validation Scheme And Allow Such Request To Come In?
Mar 23, 2011
I read that I need to turn the validation to version of 2.0 to make the validateRequest="false" attribute working. Well, but how to allow requests containing html in 4.0? How can I keep the 4.0 validation scheme and allow such request to come in, say for particular web page?
I don't understand why I should lower the security of other requests like web services . So what's the 4.0 way of doing that, really?
View 1 Replies
Similar Messages:
Feb 24, 2011
I am getting following error in the Test which is in the same Box but IIS requires Https to view the Page. I have change Web.Config to accept https. I was able to add the Service References without any problem but while call the method I get The HTTP request was forbidden with client authentication scheme 'Anonymous'. this error message. I am trying to use userNameAuthentication.
<bindings>
<wsHttpBinding>
<binding name="Binding1">
[code]...
View 1 Replies
Oct 15, 2010
I'm using a WCF with windows authentication.
I also use custom binding:
[Code]....
While trying to access the service without specifing the user credentials everything work's ok and the current user(Thread.CurrentPrincipal.Identity.Name) at service is the logged in user.
When I try to set user credentials this way:
[Code]....
The service just ignores them.
When I try it this way:
[Code]....
I'm getting this error: "The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'."
View 1 Replies
Sep 30, 2010
Is there a way to disable request validation on an action without having to add the line <httpRuntime requestValidationMode="2.0"/> to Web.config? I'm currently posting XML to a controller action and get the "A potentially dangerous Request.Form value..." error. Is disabling request validation the only way to get the post to work, or is there some way I can intercept and encode the value that contains XML between the view and the controller action?
View 1 Replies
Jul 12, 2010
Should I write my own connection pooling scheme?
(Question rewritten again so I can upvote peoples answers)
View 2 Replies
Jan 2, 2011
I have a GridView and I need update some data inserting HTML CODE; I would need this data been stored encoded and decoded on request.
I cannot in any way disable globally "Request Validation" and not even at Page Level, so I would need a solution to disable "Request Validation" at Control Level.
At the moment I am using a script which should Html.Encode every value being update, butt seems that "Request Validation" start its job before event RowUpdating, so I get the Error "Page A potentially dangerous Request.Form ... ".
void GridView1_RowUpdating(object sender, GridViewUpdateEventArgs e)
{
foreach (DictionaryEntry entry in e.NewValues)
{
e.NewValues[entry.Key] = Server.HtmlEncode(entry.Value.ToString());
}
PS I USE Wweb Controls not MVC
View 1 Replies
Mar 4, 2010
Does anyone have a recommendation of a link(s) that provides a variety of color schemes either to be set manually or through a file for VS.NET 2008? For example instead of the default, white background with blue and black letters (VB.NET), etc. I want to see some contrasting black background color schemes or other combinations?
View 3 Replies
Jul 22, 2010
When I fire a get request to a view in my application for some reason my model validation messages are displaying immediately on the page even before a form submit.
View 5 Replies
Mar 1, 2011
I have always been able to turn off request validation on IIS and cassini when I need to post HTML from an HTML Editor. Problem is I can't seem to do so on IIS express. Have tried the following:
<%@ Page Language="C#" ValidateRequest="false"
<system.web>
<pages validateRequest="false">
View 1 Replies
Dec 20, 2010
I created a little web service to minify JavaScript, and everything was nice, with all my tests passing. Then I noticed a bug: if I tried to minify alert('<script>');, it would throw a HttpRequestValidationException.
So that's easy enough to fix. I'll just add [AllowHtml] to my controller. But what would be a good way to unit test that this doesn't happen in the future?
The following was my first thought:
[TestMethod]
public void Minify_DoesntChokeOnHtml()
{
try
{
using (var controller = ServiceLocator.Current.GetInstance<MinifyController>())
{
return controller.Minify("alert('<script></script>');");
}
}
catch (HttpRequestValidationException)
{
Assert.Fail("Request validation prevented HTML from existing inside the JavaScript.");
}
}
However, this doesn't work since I am just getting a controller instance and running methods on it, instead of firing up the whole ASP.NET pipeline.
What would be a good unit test for this? Maybe reflector on the controller method to see if the [AllowHtml] attribute is present? That seems very structural, and unlikely to survive a refactoring; something functional might make more sense.
View 1 Replies
Jan 21, 2010
When a user presses Button1 on the Webpage, I would like to copy slightly modified string from txt1 (Text) into txt2 (Text).
The problem is sometimes I get an error "a potentially dangerous request.form value was detected from the client validaterequest". I get this error when special symbols llike "<" or ">" are in txt1.Text.I've read about that problem. That error is to prevent from hackers who can input scripts into the txt1.All I did is:
1) Put validateRequest="false" into <%@ Page Language="VB" validateRequest="false" at Default.aspx.
2) Default.aspx.vb contains now:
sHTMLEncodedString = Server.HtmlEncode(txt1.Text))
[code]....
Now it works and allows to take any data from txt1, slightly modify it and put into txt2.So, my question is: Did a level of security was reduced after I wrote validateRequest="false" ? Any code should be added to keep the good level of security? Or, I'd better use another way to copy txt1 to txt2?
View 7 Replies
Jan 8, 2011
I have a form that I have been getting submissions that have punctuation and special characters that trigger the potentially dangerous Request.Form value error. I have been trying use the httpUtility.htmlencode and Server.htmlencode method to sanitize textboxes and textareas.All my tests do not fire because the built-in request validation of the 4.0 framework prevents the code-behind from executing to perform the sanitization. I have included the ValidateRequest in the page header but no matter what I set it too it still does the same thing.
This is the code I have so far.
Session("RequestID") = Server.HtmlEncode(txtRequestID.Value)
Session("FirstName") = Server.HtmlEncode(txtInstFirstName.Text)
Session("LastName") = Server.HtmlEncode(txtInstLastName.Text) [code]....
What can I do to make this work? According to all the websites I have visited it should work.
View 3 Replies
Feb 3, 2010
I have a username textbox on a form, that has a few validation rules applied to it via the DataAnnotation attributes:
[Required(ErrorMessage = "FTP login is required")]
[StringLength(15, ErrorMessage = "Must be 15 characters or fewer")]
[RegularExpression(@"[a-zA-Z0-9]*", ErrorMessage = "Alpha-numeric characters only")]
public string FtpLogin { get; set; }
I also have a button next to this text box, that fires off a jQuery ajax request that checks for the existence of the username as follows:
<button onclick="check(this);return false;" id="FtpLoginCheck" name="FtpLoginCheck">Available?</button>
I'm looking for a way of tieing the two together, so that the client-side validation is performed before the call to the "check(this)" in the onclick event.
Edit: To be more clear, I need a way to inspect or trigger the client-side validation result of the textbox, when I click the unrelated button beside it.
Edit: I now have the button JS checking for $("form").validate().invalid, but not displaying the usual validation messages.
View 2 Replies
Dec 25, 2010
I am using one datalist control for uploading multiple images.I hv used one Asp:FileUplaod Control and one button in one itemtemplate.I am using reqired field validator and regular expression validator for file upload cntrl I am assigning validation group for both of them on ItemDataBound event of my datalist so that each upload cntrl hv same validaton group as required field and regular expression validator.Now what i want to do is - i want to show my error message in validation summary which is right at the top of the page.I want one know how to write javascript that will assign validation group of my control in datalist on which i click ?
View 1 Replies
Dec 22, 2010
How do I call Page.Request properties from a thread after the host headers are gone.
I used:
[Code]....
in Page_Load, but still get the error.
My ASP.NET Web app has a thread which calls a method in the Page. This method then calls:
searchQuery = Page.Request.Path
This throws an exception with a message of, "Request is not available in this context."
View 2 Replies
Mar 19, 2010
I am creating dropdown controls in code behind. in some conditions I need to add validation control to dropdowlist. But Validation not firing when I submit button.
If mQuestion.RequiredToAnswer = True Then
Dim mValidator As New RequiredFieldValidator
mValidator.ControlToValidate = mDDL.ID
mValidator.InitialValue = mDDL.Items(0).Text
mValidator.Display = ValidatorDisplay.Dynamic
mValidator.ErrorMessage = "* Required!"
mTableCell.Controls.Add(mValidator)
End If
I have other dropdown controls on aspx page with validation comtrols. Those are working fine. Only when I ddl and validations from code not working?
View 1 Replies
Jul 25, 2010
How can I disable the code behind validation when javascript validation is present? Then if there is no javascript enabled then the code behind validation will do its thing. What I notice is that it's reading the code behind valdiation not the javascript.
View 7 Replies
Dec 4, 2010
i have cascading dropdown ..the second ddl would visible or hide dependg on first ddl value.
i want required validation when the second ddl is visible only..if not visible the no validation should be done.
View 5 Replies
Nov 1, 2010
I am using the File upload control in asp.net
In that control filter option not available at least i need provide the validation for file upload control
like xml, xsls, txt
give me the syntax for the validation.
View 3 Replies
Jan 27, 2011
We're trying to implement functionality that intercepts, inspects, and alters if needed data in the Request.QueryString and Request.Form collections.
Since Request.QueryString and Request.Form are readonly, is it possible to use a HttpModule to do this without Reflection or Response.Redirect?
We're thinking that we can construct a new HttpRequest, and replace the original one. Would there be any implications in doing this?
I know mocking this object is impossible without using HttpRequestWrapper, but wasn't sure whether ASP.NET sets other things beyond the constructor.
View 2 Replies
May 15, 2010
I have a webservice which works 100% fine on my developer machine. Where Web Service is installed on LOCALHOST on my developer machine,Then i went to my servers, I installed webservice on one server and map it with the server where the website is hosted, Then i tried accessing this service using BROWSER from my web server, it worked fine, That means the mapping was done perfect.Then i run my program on web server (website). It worked fine on page1, then on page2, but when i did the same and call same function on page3, It popped me any error of
View 4 Replies
Dec 9, 2010
Is it at all possible to inject a request into IIS for a page, have IIS and ASP.Net handle it as normal, but get the response as html handed back to me programmatically?
Yes, I know that I could connect to port 80 using WebRequest and WebResponse, but that becomes difficult if you are accessing the IIS server from the same physical machine (loopback security controls et al).
Basically, I want to inject the request (eg for [URL]) between the points at which IIS would normally talk to the browser, and the point at which it would route it to the correct ASP.Net application, and get a response back from IIS between the points at which ASP.Net/IIS applies the httpfilters and hands the html back to the browser.
I'm predominantly working with IIS7 so if there is a solution that works just for IIS7 then thats not an issue.
View 2 Replies
Jun 29, 2010
This is a input
<input type="image" src="<%=Url.Content("~/images/shopping-cart.jpg")%>" alt="shopping cart" id="btnshoppingCart" name="btnshoppingCart" value="shoppingCart" />
when i browse the page with firefox and click on the input Request.Params["btnshoppingCart"] != null or Request.Form["btnshoppingCart"] != null is statisfied.
When i browse the same page with internet explorer 8 and click on the same input Request.Params["btnshoppingCart"] != null or Request.Form["btnshoppingCart"] != null is not satisfied. When i used the watch i saw that there is no key by the name of "btnshoppingCart" in either Request.Form or Request.Params if input is clicked from internet explorer. However when it is clicked from firefox there is value "shoppingCart" inside Request.Form and Request.Params against "btnshoppingCart" key. One more strange thing that i observed was that are two keys "btnshoppingCart.x" and "btnshoppingCart.y" inside both Request.Form and Request.Params whenver clicking is done from both internet explorer and firefox. This is happening against all inputs of type image irrespective if the input is present inside a html form or not. Forms are created like this
<% using (Html.BeginForm("Action", "Controller", FormMethod.Post)){%>
The version of internet explorer is 8.0 and firefox is 3.6.6
View 5 Replies
Jan 21, 2010
I there a way to know if a request is a soap request on AuthenticateRequest event for HttpApplication? Checking ServerVariables["HTTP_SOAPACTION"] seems to not be working all the time.
public void Init(HttpApplication context) {
context.AuthenticateRequest += new EventHandler(AuthenticateRequest);
}
protected void AuthenticateRequest(object sender, EventArgs e) {
app = sender as HttpApplication;
if (app.Request.ServerVariables["HTTP_SOAPACTION"] != null) {
// a few requests do not enter here, but my webservice class still executing
// ...
}
}
I have disabled HTTP POST and HTTP GET for webservices in my web.config file.
<webServices>
<protocols>
<remove name="HttpGet" />
<remove name="HttpPost" />
<add name="AnyHttpSoap" />
</protocols>
</webServices>
Looking at ContentType for soap+xml only partially solves my problem. For example,
Cache-Control: no-cache
Connection: Keep-Alive
Content-Length: 1131
Content-Type: text/xml
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: ro
Host: localhost
mymethod: urn:[URL]
Some clients instead of having the standard header SOAPAction: [URL], have someting like in example above. "mymethod" represents the method in my web service class with [WebMethod] attribute on it and [URL] is the namespace of the webservice. Still the service works perfectly normal. The consumers use different frameworks (NuSOAP from PHP, .NET, Java, etc).
View 4 Replies
Oct 24, 2010
I develop an asmx web service (i.e. ASP.NET 2.0). There's a piece of code that may read the contents of the HTTP request (via HttpContext.Current.Request.InputStream) while processing it. I realise that InputStream may only be read once for a request, and I make sure I never try to read it more than once.
The problem seems to be that if InputStream happens to be read during the early stages of the application's lifecycle (e.g. after pskill w3wp, during Application_Start), the HTTP request fails with a HTTP 400 - Bad Request error, with no explanation given, no exception thrown and no entry in the httperr log. If it is read later (e.g. within the web method itself), requests run fine whether InputStream is read or not. Application_Start runs fine if InputStream isn't read.
Is this some sort of ASP.NET bug? IIS bug? Or am I doing something wrong by daring to read InputStream? And if so, is there another way to get a look at the "raw" contents of the request without disturbing the inner workings of IIS/ASP.NET? In short, adding this code within Application_Start is enough to reproduce this error: using (StreamReader reader = new StreamReader(HttpContext.Current.Request.InputStream))reader.ReadToEnd();
View 1 Replies
