467,080 Members | 927 Online
Bytes | Developer Community
Ask Question

Home New Posts Topics Members FAQ

Post your question to a community of 467,080 developers. It's quick & easy.

how to try-catch potentially dangerous Request.Form value exception

Dear All,

how to try-catch "A potentially dangerous Request.Form value was detected
from the client (txtUserName="<asdf")."
this exception?

i've set the debugger in the Page_InIt function, but this page is shown
before the Page_init function.

i know that i can set validateRequest="false" in my page, but how can i
try-catch it?
Thank you.

Regards,
angus

ref: http://asp.net/faq/images/requestValidation3.png
Nov 18 '05 #1
  • viewed: 4765
Share:
1 Reply
Hi Angus,

I assume you are trying to catch the exception so that you can show a
friendly error, log it and handle gracefully. I can think of 2 options:

1. Use the application_error method in the global.asax to catch the
exception and then take appropriate action. This is a pretty good article
for handling errors in asp .net
http://msdn.microsoft.com/asp.net/us...stomErrors.asp.
2. Do all form and data validation yourself. This would give you more
control on detecting potential attacks, and you could have you "try and
catch". However you may not cover all scenarios, hence I dont recommend this
option by itself.

I would actually go for both. Let ASP .Net detect malicious content, but
also do you own validation on form fields, querystings etc (i.e. all user
input). Tip: Don't try and create rules on what is not allowed, create
rules on what is allowed. E.g. don't create rules that disallow & and % and
^ and @ etc, rather create the rule that only allows 0-9, a-z and A-Z.
Hope this helps,
Michael

--
This posting is provided "AS IS" with no warranties, and confers no rights.
"angus" <an***@angus.com> wrote in message
news:%2******************@tk2msftngp13.phx.gbl...
Dear All,

how to try-catch "A potentially dangerous Request.Form value was detected
from the client (txtUserName="<asdf")."
this exception?

i've set the debugger in the Page_InIt function, but this page is shown
before the Page_init function.

i know that i can set validateRequest="false" in my page, but how can i
try-catch it?
Thank you.

Regards,
angus

ref: http://asp.net/faq/images/requestValidation3.png

Nov 18 '05 #2

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

39 posts views Thread by Erlend Fuglum | last post: by
12 posts views Thread by Brian Kelley | last post: by
1 post views Thread by Askari | last post: by
9 posts views Thread by David Stockwell | last post: by
26 posts views Thread by djw | last post: by
40 posts views Thread by Steve Juranich | last post: by
4 posts views Thread by wk6pack | last post: by
2 posts views Thread by BarrySearle | last post: by
3 posts views Thread by Sori Schwimmer | last post: by
try
3 posts views Thread by HMS Surprise | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.