Unhandled exception

I am getting the following exception when I attempt to navigate to a new page from my asp.net site using a button - this occurs no matter which page I am trying to get to.
I can't find the error using debugging - the execution never gets to the code controlling the button click.

Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (dgOpsLog:_ctl3:_ctl0="...ble Where OnWebReq = 1 Order b...").

[HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (dgOpsLog:_ctl3:_ctl0="...ble Where OnWebReq = 1 Order b...").]
   System.Web.HttpRequest.ValidateString(String s, String valueName, String collectionName)
   System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, String collectionName)
   System.Web.HttpRequest.get_Form() +113
   System.Web.UI.Page.GetCollectionBasedOnMethod()
   System.Web.UI.Page.DeterminePostBackMode()
   System.Web.UI.Page.ProcessRequestMain()
   System.Web.UI.Page.ProcessRequest()
   System.Web.UI.Page.ProcessRequest(HttpContext context)
   System.Web.CallHandlerExecutionStep.System.Web.HttpApplication+IExecutionStep.Execute()
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +87

I don't understand where to look for the problem.

Thanks for any help.
jberv534
 
bsdotnet Commented:
This occurs when you pass a potential sql injection string in web form controls or your URL to the new page. If you remove the values or parameters passed, it should work fine.

bsdotnet Commented:
Also, you can disable validaterequest in your page header <%@ Page Language="VB" ValidateRequest="false"  %>

http://www.asp.net/faq/RequestValidation.aspx?tabindex=0&tabid=1

deepaknet Commented:
There seem to be some HTML tags in the form input or Request.QueryString that are failing validation. Although bsdotnet's solution would work, for security reasons you should never disable request validation, given the amount of cross-site scripting attacks on the Internet.

The best solution would be, on Submit, to call the JavaScript escape() function on the values and then submit the form.

TheMehrdad Commented:
Dear jberv534,
ASP.Net automatically validates textboxes and other controls, when they are posted back to the server, to check if they contain HTML or some scripts. This is so useful and you shouldn't disable it. Instead, tell me more about the controls and functionality you have in the current page (not other target pages). We will find which control is sending HTML content to the server that the server is preventing.
Good luck

jberv534 (Author) Commented:
I'm afraid I am too inexperienced to make sense of deepaknet's comment. I changed the validation on the page creating the exception when a button is clicked and that works, but I agree, I don't like the approach. I am confused about the validation process - the reference to OnWebReqs doesn't make any sense in that context. Where do I look for the html tags?

TheMehrdad Commented:
Hi again,
What is the functionality of your page? What controls do you have on your page? Do you have HTML Text Area, or do you have a third party control for rich text editing (Like Yahoo Mail Compose Email page)?
We will find it!
Good luck

jberv534 (Author) Commented:
On the page that causes the error there are nav buttons, a datagrid, dropdowns, some text boxes. Nothing is entered on the page - it reports logins, errors and data transfer activity. The only thing that can be done is the deletion of grid items. There is also a control to allow the user to select date ranges. Something happens between when any of the nav buttons (all are going to other pages in the site) are clicked and when the routine that controls the click is executed - that's where I am blinded.

Thanks, again.

deepaknet Commented:
You should inspect the textboxes. It is more likely that one of these is submitting HTML tag-like strings. It need not be valid HTML either. It just checks for tag-like syntax to prevent cross-site scripting attacks.

For textboxes, try calling escape() on those values from JavaScript; on the server side, Server.URLDecode() should do the trick to get them back.

TheMehrdad Commented:
Dear jberv534,
I suggest you start a new page and add your controls step by step. With each item you add, check whether the problem occurs. By this iteration, you will find which control is causing the problem.
Good luck

jberv534 (Author) Commented:
Thanks, I'll let you know what I find.

jberv534 (Author) Commented:
TheMehrdad - I have been working with the datagrid on the page in question and by clearing all of the records, the exception is avoided. There is a text field in the grid that has exception and other messages created during site operations, but I was not aware of anything specifically related to the OnWebReq. Anyway, can you tell me how I can trap that textbox? It also turns out that any control used was creating the exception. Can you tell me how I can isolate that text? I will be monitoring the site to see when the exception occurs. Thanks for all of your help.

TheMehrdad Commented:
Dear jberv534,
I didn't get that: "Do you know which exact Textbox is causing the problem?" or you just know one of your textboxes is causing the exception.
If you know the exact textbox, tell me what kind of data is shown in it. If you don't know which textbox it is, first clear all columns, then add them step by step to find that textbox.

When we know which textbox (column of textboxes) is causing the problem, we will check the data in them, and then we will find a way of encoding the data to avoid the problem.

Good luck

jberv534 (Author) Commented:
Dear TheMehrdad - the field in question is a text box in a datagrid that is used to display log messages: logins, transfer notes, errors. I cleared the data table and have had no further occurrences of the exception. I am tracking the table to see if it re-occurs. In the meantime, I will close this thread and take care of the points. Thanks for your help, really.

TheMehrdad Commented:
Dear jberv534,
You are welcome. You may ask any more questions you have in order to solve the problem. Just put your question here. I think there are some HTML or SQL keywords in your log information. I hope you find and solve them.
Good luck
Question has a verified solution.
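
Added example, not part of the original thread and not code from any poster: a small C# console scan that answers the "how can I isolate that text?" question by checking stored log messages for strings that request validation is likely to reject once a grid TextBox posts them back. The rule list is an approximation and an assumption to confirm against your framework version: tag-like `<x` and `&#`, plus the attribute-style `on...=`, `expression(` and `script:` checks that ASP.NET 1.x is understood to apply, which would fit the quoted `OnWebReq = 1` excerpt. `LogValidationScan`, `FirstHit` and the sample rows are hypothetical and constructed for illustration.

```csharp
using System;
using System.Net;
using System.Text.RegularExpressions;

static class LogValidationScan
{
    // Approximate request-validation triggers. Assumption: the exact rules
    // differ between .NET Framework versions, so confirm against yours.
    static readonly string[,] Rules =
    {
        { "tag-like '<x'",                 @"<[A-Za-z!/?]" },
        { "numeric entity '&#'",           @"&#" },
        { "attribute-like 'on...=' (1.x)", @"(?<![A-Za-z])on[A-Za-z]*\s*=" },
        { "'expression(' (1.x)",           @"expression\s*\(" },
        { "'script:' (1.x)",               @"script\s*:" },
    };

    // Returns the first rule a value trips (null if none) and the match offset.
    public static string FirstHit(string value, out int offset)
    {
        offset = -1;
        for (int i = 0; i < Rules.GetLength(0); i++)
        {
            Match m = Regex.Match(value, Rules[i, 1], RegexOptions.IgnoreCase);
            if (m.Success) { offset = m.Index; return Rules[i, 0]; }
        }
        return null;
    }

    static void Main()
    {
        // Constructed rows standing in for the grid's log-message column.
        string[] rows =
        {
            "User jsmith logged in",
            "Query failed: Select Id From DemoTable Where OnWebReq = 1",
            "Transfer aborted: <timeout> reported by remote host",
        };
        for (int r = 0; r < rows.Length; r++)
        {
            int offset;
            string rule = FirstHit(rows[r], out offset);
            if (rule == null) continue;
            // Encode before display so the flagged text is shown, not rendered.
            Console.WriteLine("row {0}: {1} at offset {2}: {3}",
                r, rule, offset, WebUtility.HtmlEncode(rows[r]));
        }
    }
}
```

Rendering the message column as HTML-encoded read-only text (for example a Label) instead of a TextBox keeps stored log text out of Request.Form, so request validation can stay enabled.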