473,287 Members | 1,689 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,287 software developers and data experts.

ValidateRequest customization

Is there any way to selectively have ValidateRequest on based on the logged
in user?

Also, can we control what tags will be allowed? For example, I don't have a
problem with my users toggling bold, but don't want them using scripting. Is
there a way to customize the tags that are allowed?

If not, is there any suggested alternate method for performing this sort of
partial validation?

-Ben
May 17 '06 #1
2 1878
On Wed, 17 May 2006 07:30:03 -0700, Ben R. <be**@newsgroup.nospam>
wrote:
Is there any way to selectively have ValidateRequest on based on the logged
in user?

Also, can we control what tags will be allowed? For example, I don't have a
problem with my users toggling bold, but don't want them using scripting. Is
there a way to customize the tags that are allowed?

If not, is there any suggested alternate method for performing this sort of
partial validation?

-Ben


For your first quesiton, you could have a customvalidator, something
like this:

protected void CustomValidator1_ServerValidate(object source,
ServerValidateEventArgs args)
{
MembershipUser mu = Membership.GetUser();
if (!Roles.IsUserInRole("RoleOfInterest"))
{
args.IsValid = false;
}
else
{
args.IsValid = true;
}

}
Peter Kellner
http://peterkellner.net
May 17 '06 #2
Hi Ben,

As for the "RequestValidation" setting, it is controlled by @Page
directive(validateRequest attribute). Also, we can programmtically enable
RequestValidation through the "HttpRequest.ValidateInput" method. e.g.

======in global.asax=========
void Application_BeginRequest(object sender, EventArgs e)
{
HttpContext.Current.Request.ValidateInput();
}
=========================

However, the above approaches only utilize the built-in validation code
logic, and the ASP.NET framework doesn't allow user to customize the
validation logic. If you do want to perform custom validation on the
ASP.NET request's data collection, you can consider the following options:

1. Turn all request validation on the whole page request, and perform
individual validation on the input fields in the web page. For example, we
can use validation control to validate TextBox controls.

#How To: Use Regular Expressions to Constrain Input in ASP.NET
http://msdn.microsoft.com/library/en...1.asp?frame=tr
ue
2. We can do the request validation ourselves completely. The following
msdn article has demonstrated how to implement own request validation in
ASP.NET 1.0(which doesn't support validateRequest naturally). You can
reference to its code logic.

#Adding Cross-Site Scripting Protection to ASP.NET 1.0
http://msdn.microsoft.com/library/en...rotection.asp?
frame=true

Hope this helps.

Regards,

Steven Cheng
Microsoft Online Community Support
==================================================

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)


May 18 '06 #3

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
by: mar | last post by:
Does anybody know what configuration section should i set to false here. I also tried setting the page directive to false but that didn't fix it. Thanks! mc A potentially dangerous...
1
by: Shaun Dore | last post by:
Hi, I have a web form containing a TextBox that allows users to edit XML files. When the page is posted, the changes are saved. This worked fine until the ValidateRequest 'feature' came along in...
1
by: Benny | last post by:
Hello Experts, If the contents of a text box containing a html tag like formmated characters, i.e. <hello>, and if the validateRequest is set to true, it gives an error when post back: A...
4
by: Ray Williams | last post by:
I have a specific page that I have chosen to disable the .NET 1.1 validateRequest options by setting the page directive attribute of "validateRequest" from true to false. I manually validate all...
2
by: Tim Zych | last post by:
I'm trying to stop .Net from validating data entered into a textbox. When I enter < or > .Net returns an error: potentially dangerous Request.Form value was detected from the client... so a...
8
by: Max Metral | last post by:
Ok, I have a global page class derived from System.Web.UI.Page, let's call it BasePage. I have another class derived from that called MemberPage. It checks the Form collection if it's a post for...
2
by: Andy Fish | last post by:
Hi, I have one textbox on the form that needs to have ValidateRequest disabled, but it seems that it can only be enabled/disabled at a page level. assuming I have to disable it at for the...
4
by: Dave H | last post by:
If put this into my Web.config. Shouldn't this turn off the ValiateRequest app wide? <configuration> <system.web> <pages buffer="true" validateRequest="false" /> I pass SQL around to...
2
by: \A_Michigan_User\ | last post by:
*WITHOUT* using: ValidateRequest="False" for the whole page (or my whole site).... How would I trap/detect that a textBox contains some illegal characters? (I'm using asp.net v1.1 and vb.net)...
2
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 7 Feb 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:30 (7.30PM). In this month's session, the creator of the excellent VBE...
0
by: MeoLessi9 | last post by:
I have VirtualBox installed on Windows 11 and now I would like to install Kali on a virtual machine. However, on the official website, I see two options: "Installer images" and "Virtual machines"....
0
by: DolphinDB | last post by:
The formulas of 101 quantitative trading alphas used by WorldQuant were presented in the paper 101 Formulaic Alphas. However, some formulas are complex, leading to challenges in calculation. Take...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: Aftab Ahmad | last post by:
So, I have written a code for a cmd called "Send WhatsApp Message" to open and send WhatsApp messaage. The code is given below. Dim IE As Object Set IE =...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.