Solved

why do i keep getting "A potentially dangerous Request.Form value was detected from the client"

Posted on 2014-11-04
2
81 Views
Last Modified: 2016-06-22
i have a web.config, which will show a SALM login page. It will successfully login. but after that i will get the above error.

Done:
added :  <pages validateRequest="false"
tested : requestValidationMode="2.0"
added on aspx page : <%@ Page Language="C#" validateRequest="false"

still the same error.

web.config re-directs to an aspx page:

 <wsFederation passiveRedirectEnabled="true" issuer="https://login.website.nl" realm="http://localhost/" requireHttps="false" reply="http://localhost/Test.aspx"/>

Open in new window


Test.aspx directly runs fine. It's just that after loggin in, i will get the above error.

Any my landing pages looks really basic:

<%@ Page Language="C#" validateRequest="false" AutoEventWireup="true"%>

    <title>SAML authentication landing page</title>
</head>
<body>
    <h1>SAML authentication landing page</h1>

</body>
</html>

Open in new window


I don't see any request form there.

Anyone can help?
0
Comment
Question by:A. Amien
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 64

Accepted Solution

by:
btan earned 500 total points
ID: 40423758
In fact, "<" is not inherently dangerous, its only dangerous in a specific context: when writing unencoded strings to HTML output (because of XSS). In other contexts different substrings are dangerous, e.g. if you write an user-provided URL into a link, the substring "javascript:" may be dangerous.

Also the single quote character on the other hand is dangerous when interpolating strings in SQL queries, but perfectly safe if it is a part of a name submitted from a form or read from a database field.

You can't filter random input for dangerous characters, because any character may be dangerous if the request is ill intended . It is better to encode at the point where some specific characters may become dangerous because they cross into a different sub language where they have special meaning. Most refer it as input validation checks...

E.g.  When you write a string to HTML, you should encode characters that have special meaning in HTML, using Server.HtmlEncode.  When you are sure you HTML-encode everywhere you pass strings to HTML, then set validateRequest="false". Not sure for the various .NET version especially v4 like some has to also add <httpRuntime requestValidationMode="2.0" /> to web.config...

E.g. If you pass a string to a dyamic SQL statement, you should encode different characters (or have the framework handle this using prepared statements or equivalent).
0

Featured Post

Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It was really hard time for me to get the understanding of Delegates in C#. I went through many websites and articles but I found them very clumsy. After going through those sites, I noted down the points in a easy way so here I am sharing that unde…
Real-time is more about the business, not the technology. In day-to-day life, to make real-time decisions like buying or investing, business needs the latest information(e.g. Gold Rate/Stock Rate). Unlike traditional days, you need not wait for a fe…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
In this video, viewers will be given step by step instructions on adjusting mouse, pointer and cursor visibility in Microsoft Windows 10. The video seeks to educate those who are struggling with the new Windows 10 Graphical User Interface. Change Cu…

615 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question