Request Validation

Hi guys
I have a question regarding how to do the request validation on user's
input. We all know that in asp.net, when a user inputs something like <a>blah
blah</a>, by default it will throw an HttpRequestValidationException saying "A
potentially dangerous Request.Form value was detected from the client". And
this validation can be turned off in the page.

Now, I am quite annoyed about all these exceptions caused by someone wanting to
post some kinds of ads on my website. And I really do not want to disable the
page request validation. The best result for me would be that I can do
something about it before it reaches the request validation event, like check
the user input myself then redirect to some other page. If the user continues
doing that, the system will automatically lock the user's account and send
an email to the admin.

Is there any way I can achieve this? Or do you have better ideas? Any help
will be appreciated.
Thanks a lot
Cheers
Victor

Jul 25 '07 #1
I suggest you disable the page request validation and instead use
Microsoft's free Anti-Cross Site Scripting Library.
http://msdn2.microsoft.com/en-us/security/aa973814.aspx

If that doesn't work out for you, use a White List approach to specify only
which characters are allowed - and deny all other characters.

--
I hope this helps,
Steve C. Orr,
MCSD, MVP, CSM, ASPInsider
http://SteveOrr.net
Jul 25 '07 #2
Hi Victor,

I agree with Steve here: with the Anti-Cross Site Scripting Library and
"validateRequest" turned off, you should be able to accept any input
without being vulnerable to malicious script:

Literal1.Text =
    "Hello " + Microsoft.Security.Application.AntiXss.HtmlEncode(TextBox1.Text)
    + "! Welcome to the examples!";

Regards,
Walter Wang (wa****@online.microsoft.com, remove 'online.')
Microsoft Online Community Support

==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

Jul 26 '07 #3
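
An added example, not part of either reply and not code from the Anti-XSS library: it combines the white-list check Steve describes with encoding at output as in Walter's line, plus the repeat-offender count Victor asked about. `System.Net.WebUtility.HtmlEncode` stands in for `AntiXss.HtmlEncode` so the program runs as a console app; `InputPolicy`, `TryAccept`, the allowed character set and the strike threshold are hypothetical choices for a display-name field.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Text.RegularExpressions;

static class InputPolicy
{
    // Assumed policy: letters, digits, space and . , ' - only, 1 to 40 characters.
    static readonly Regex Allowed = new Regex(@"\A[\p{L}\p{Nd} .,'\-]{1,40}\z");

    // Hypothetical in-memory strike counter; a real site would persist this per account.
    static readonly Dictionary<string, int> Strikes = new Dictionary<string, int>();
    const int MaxStrikes = 3;

    // Returns true when the value passes the white list; otherwise records a strike
    // and reports whether the caller should lock the account and notify the admin.
    public static bool TryAccept(string user, string value, out bool lockAccount)
    {
        lockAccount = false;
        if (value != null && Allowed.IsMatch(value)) return true;
        int n;
        Strikes.TryGetValue(user, out n);
        Strikes[user] = ++n;
        lockAccount = n >= MaxStrikes;
        return false;
    }

    // Encode at the point of output, regardless of what validation decided earlier.
    public static string Greeting(string name)
    {
        return "Hello " + WebUtility.HtmlEncode(name) + "! Welcome to the examples!";
    }
}

static class Program
{
    static void Main()
    {
        // Constructed sample inputs: one acceptable name, then the same markup three times.
        string[] inputs = { "Victor O'Neil", "<a>blah blah</a>", "<a>blah blah</a>", "<a>blah blah</a>" };
        foreach (string input in inputs)
        {
            bool lockAccount;
            bool ok = InputPolicy.TryAccept("victor", input, out lockAccount);
            Console.WriteLine("{0,-7} lock={1,-5} {2}",
                ok ? "accept" : "reject", lockAccount, InputPolicy.Greeting(input));
        }
    }
}
```

In a page with "validateRequest" turned off, the `TryAccept` call would sit in the postback handler, with the redirect and admin e-mail triggered when `lockAccount` comes back true.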
Hi Steve and Walter:
Thanks for your help. This is really a good clue for me to solve my problem.
I am still doing research on the AntiXss class. Hopefully, I can start using
that soon.
Cheers, thanks again for the help.

Victor

Jul 31 '07 #4
