[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Unhandled exception

Posted on 2006-04-23
14
Medium Priority
?
664 Views
Last Modified: 2012-05-05
I am getting the follow execption when I attempt to navigate to a new page from my asp.net site using a button - this occurs no matter which page I am trying to get to.
I can't find the error using debugging - the execution never gets to the code controlling the button click.

Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (dgOpsLog:_ctl3:_ctl0="...ble Where OnWebReq = 1 Order b...").

[HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (dgOpsLog:_ctl3:_ctl0="...ble Where OnWebReq = 1 Order b...").]
   System.Web.HttpRequest.ValidateString(String s, String valueName, String collectionName)
   System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, String collectionName)
   System.Web.HttpRequest.get_Form() +113
   System.Web.UI.Page.GetCollectionBasedOnMethod()
   System.Web.UI.Page.DeterminePostBackMode()
   System.Web.UI.Page.ProcessRequestMain()
   System.Web.UI.Page.ProcessRequest()
   System.Web.UI.Page.ProcessRequest(HttpContext context)
   System.Web.CallHandlerExecutionStep.System.Web.HttpApplication+IExecutionStep.Execute()
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +87

I don't understand where to look for the problem.

Thanks for any help.
0
Comment
Question by:jberv534
  • 5
  • 5
  • 2
  • +1
14 Comments
 
LVL 12

Expert Comment

by:bsdotnet
ID: 16521567
This occurs when you pass a potential sql injection string in web form controls or your URL to the new page. If you remove the values or parameters passed, it should work fine.
0
 
LVL 12

Assisted Solution

by:bsdotnet
bsdotnet earned 400 total points
ID: 16521767
Also, you can disable validaterequest in your page header <%@ Page Language="VB" ValidateRequest="false"  %>

http://www.asp.net/faq/RequestValidation.aspx?tabindex=0&tabid=1
0
 
LVL 15

Assisted Solution

by:deepaknet
deepaknet earned 200 total points
ID: 16522464
There seems to be some HTML TAGS in the form input or Request.QueryString that is failing validation. Albeit, bsdotnet solution would work, for security reasons, you should never disable request validation, given the amount of cross site scripting attacks on the Internet.

The best solution would be on Submit call, javascript escape() function on the values and submit the form.
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LVL 5

Accepted Solution

by:
TheMehrdad earned 1400 total points
ID: 16522475
Dear jberv534,
ASP.Net automatically validates textboxes and other controls, when they are posted back to the server, to check if they contain HTML or some scripts. This is so usefull and you should'nt disable it. Instead tell me more about the controls and functionality you have in the current page. (Not other target pages) We will find which control is sending html content to the server and server is preventing it.
Good luck
0
 

Author Comment

by:jberv534
ID: 16522489
I'm afraid I am too inexperienced to make sense of deepaknet's comment. I changed the validation on the page creating the exception when a button is clicked and that works, but I agree, I don't like the approach. I am confused about the validation process - the reference to OnWebReqs doesn't make any sense in that context. Where do I look for the html tags?
0
 
LVL 5

Expert Comment

by:TheMehrdad
ID: 16522511
Hi again,
What is the functionality of your page? What controls do you have on your page? Do you have HTML Text Area, or do you have a third party control for rich text editing (Like Yahoo Mail Compose Email page)?
We will find it!
Good luck
0
 

Author Comment

by:jberv534
ID: 16523042
On the page that causes the error there are nav buttons, a datagrid, dropdowns, some text boxes. Nothing is entered on the page - it reports logins, errors and data transfer activity. The only thing that can be done is the deletion of grid items. There is also a control to allow the user to select date ranges. Something happens between when any of the nav buttons (all are going to other pages in the site) are clicked and when the routine that controls the click is executed - that's where I am blinded.

Thanks, again.
0
 
LVL 15

Expert Comment

by:deepaknet
ID: 16523112
You should inspect the textboxes. It is more likely that one of these are submitting html tag like strings. It need not be a valid HTML also. It just checks the tag like syntax to prevent cross-site scripting attack.

For textboxes, try calling escape() on those values from JavaScript and serverside, Server.URLDecode() should do the trick back.
0
 
LVL 5

Expert Comment

by:TheMehrdad
ID: 16523214
Dear jberv534 ,
I suggest you to start a new page, and put your controls step by step. Each item you add, check if the problem is caused or not. By this iteration, you will find which control is causing the problem.
Good luck
0
 

Author Comment

by:jberv534
ID: 16525084
Thanks, I'll let you know what I find.
0
 

Author Comment

by:jberv534
ID: 16526368
TheMehrdad - I have been working with the datagrid on the page in question and by clearing all of the records, the exception is avoided. There is a text field in the grid that has exception and other messages created during site operations, but I was not aware of anything specificially related to the OnWebReq. Anyway, can you tell me how I can trap that textbox? It also turns-out that any control used was creating the exception. Can you tell me how I can isolate that text? I will be monitoring the site to see when the exception occurs. Thanks for all of your help.
0
 
LVL 5

Expert Comment

by:TheMehrdad
ID: 16531782
Dear jberv534,
I didn't get that: "Do you know which exact Textbox is causing the problem?" or you just know one of your textboxes is causing the exception.
If you know the exact textbox, tell me what kind of data is shown in this textbox, if you don't know which textbox is, first clear all columns, then add them step by step to find that textbox.

When we know which textbox (Column of textboxes) is causing the problem, we will check the data in them. and then we will find a way for encoding the data to avoid the problem.

Good luck
0
 

Author Comment

by:jberv534
ID: 16534760
Dear TheMehrdad - the field in question is a text box in a datagrid that is used to display log messages: logins, transfer notes, errors. I cleared the data table and have had no further occurances of the exception. I am tracking the table to see if it re-occurs. In the meantime, I will close this thread and take care of the points. Thanks for your help, really.
0
 
LVL 5

Expert Comment

by:TheMehrdad
ID: 16541223
Dear jberv534 ,
You are welcome. You may ask any more question if you have to solve the problem. Just put your question here. I think there are some HTML or SQL keywords in your log information. I hope you find and solve them.
Good luck
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

One of the pain points with developing AJAX, JavaScript, JQuery, and other client-side behaviors is that JavaScript doesn’t allow for cross domain request for pulling content. For example, JavaScript code on www.johnchapman.name could not pull conte…
International Data Corporation (IDC) prognosticates that before the current the year gets over disbursing on IT framework products to be sent in cloud environs will be $37.1B.
This Micro Tutorial will teach you how to add a cinematic look to any film or video out there. There are very few simple steps that you will follow to do so. This will be demonstrated using Adobe Premiere Pro CS6.
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses
Course of the Month18 days, 7 hours left to enroll

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question