I am hosting my apllications. They are running under .net version 4.0. Everything is working fine. But lately, i am getting error list "Potentially Dangerous request ...". I searched on the internet and found out have i have to set my web.config like this.
<system.web>
<httpRuntime requestValidationMode="2.0" />
<pages validateRequest="false" />
</system.web>
It it is use then the problem is solved. and my question is how to solve the error without using page validate request set false.
is other way able to solve the problem???
Related
I am deploying a .Net solution to Azure and am getting the above error when I try to run the page.
I read that System.Web has to be stripped down to this. And that's what I did.
<compilation debug="true" targetFramework="4.7.2" />
<httpRuntime targetFramework="4.7.2" />
The solution works locally. Application Insights does not note any errors. Is there an error log somewhere? I have no idea what error this could be. It could be anything.
(I don't have 50 rep so I can't comment, so I have to post as an answer.)
Enable diagnostics logging and report back with the logs. Should shed some light on the problem.
Try setting custom errors to off in your web.config.
<system.web>
<customErrors mode="Off">
</customErrors>
</system.web>
Reference: customErrors Element (ASP.NET Settings Schema)
Don't forget to turn it back on when you have fixed the issue.
Having deployed the latest build of a C# MVC app to a test server this is the error I'm getting.
This all works fine when run locally in VS2013.
I'm using a custom provider and I'm pretty sure this worked ok before.
The relevant part of web.config looks like this:
<system.web>
<authorization>
<allow users="*" />
</authorization>
<authentication mode="Windows" />
<roleManager defaultProvider="MyRoleProvider" enabled="true">
<providers>
<clear />
<add name="MyRoleProvider" type="CWC_Service_Plan.Security.MyRoleProvider" />
</providers>
</roleManager>
<compilation debug="true" targetFramework="4.5.1" />
<httpRuntime targetFramework="4.5.1" />
</system.web>
The Authorisation config in IIS looks like this:
Enabling anonymous access makes no difference.
Having trudged through the answers in SO without finding the solution I'm aware that there is a lot out there on this, but I haven't yet found anything that can resolve this issue. For example, the problem is not a database security issue, the password for the site identity user has not expired, etc.
Does anyone have any suggestions on how to proceed? I'll supply additional details as requested.
And thanks for the help!
[Edit]
When the site is browsed locally (on the server) the error is mildly more helpful:
This would still suggest a problem connecting to the database as the User.IsInRole function checks the database for role membership, but I'm sure this is ok.
[Edit2]
Looking through the Windows logs shows the following error:
SSPI handshake failed with error code 0x8009030c, state 14 while
establishing a connection with integrated security; the connection has
been closed. Reason: AcceptSecurityContext failed. The Windows error
code indicates the cause of failure. The logon attempt failed
[CLIENT: 10.184.23.141]
What does that mean in English, apart from "Login failed"?
[Edit3]
Apparently this could mean that no Service Principal Name has been set up for the service user.
https://technet.microsoft.com/en-us/library/bb735885.aspx
Am currently investigating this angle...
I never found an entirely satisfactory answer to this.
In the end I switched to using SQL Authentication for the database access, thus removing the problem, so more of a work-around than a fix really.
I get this error after changing from .Net 4.5 to 4
the error says:
"A potentially dangerous Request.Form value was detected from the client"
In my 4.5 solution i have "ValidateRequest="false"" in the top of my aspx page. But that doesn't seem to work anymore.
I know why the error appears, but not how to make it disappear.
You can add this to your config file
<system.web>
<compilation debug="true" targetFramework="4.0" />
<httpRuntime requestValidationMode="2.0" />
</system.web>
Link : http://msdn.microsoft.com/en-us/library/system.web.configuration.httpruntimesection.requestvalidationmode%28VS.100%29.aspx
For some reason I can't see any useful information about my errors even though I Changed the customerrors section of the web.config:
<customErrors mode="RemoteOnly">
</customErrors>
All I want to do is be able to see the normal yellow screen of death that shows what is going wrong.
Ever since I tried to upload this site on my local developer PC's IIS, the application has not shown error information.
Whenever I start debugging the application fails immediatly and says, "Server Error in '/' Application." and gives me a 404 http error and only displays the Version of the .net framework and asp.net version.
*UPDATE:
I'm Running this locally on my development pc.
Set the Mode to Off instead of remote only. MSDN explains the different modes here:
http://msdn.microsoft.com/en-us/library/h0hfz6fc.aspx
If you are in RemoteOnly then it will only show the error if you are running it locally.
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" />
<customErrors mode="" defaultRedirect=""></customErrors>
</system.web>
</configuration>
If you want to set your application level exception should redirect to your custom error page, you can do this by going to global.asax file and write the code for redirection in Application_Error method.
For handling all the exception, you just need to write the code for redirection at catch section. Also you can set custom error page for http errors by passing status code.
<customErrors mode="RemoteOnly" defaultRedirect="~/ErrorPages/Oops.aspx">
<error statusCode="404" redirect="~/ErrorPages/404.aspx" />
</customErrors>
follow this link:https://stackify.com/web-config-customerrors-asp-net/
Everytime when I open a Website Project/Web, Project in Visual Studio 2010 and try to run in Debug/non debug mode (F5/F11) I get this error error:
"A potentially dangerous Request.Cookies value was detected from the client " .
I had installed VS 2010 SP1 a months ago, I'm not sure if it's related to this.
It happens to newly created project and existing projects. So I can't run any project.
I set the validaterequest in page and in web.config as most of the google search results sites suggested but I can't pass through this error.
Does someone know what the problem is and how to solve this problem?
SET in PAGE:
<%# Page validateRequest="false" %>
SET in WEB.CONFIG:
<system.web>
<pages validateRequest="false" />
</system.web> </br>
< /configuration>
Server Error in '/WebApp' Application.
A potentially dangerous Request.Cookies value was detected from the client (DNNPersonalization=". After setting this value, you can then disable request validation by setting validateRequest="false" in the Page directive or in the configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case. For more information, see http://go.microsoft.com/fwlink/?LinkId=153133.
Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Cookies value was detected from the client (DNNPersonalization="
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[HttpRequestValidationException (0x80004005): A potentially dangerous Request.Cookies value was detected from the client (DNNPersonalization="
Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.225
Use
<system.web>
<httpRuntime requestValidationMode="2.0" />
</system.web>
In your web.config
You get this error when ASP.NET blocks pages from sending html tags in GET/POST arguments and cookies to prevent script injection attacks. You can either:
encode arguments/not send any html tags
disable request validation
You can disable request validation for the whole site by adding to Web.config:
<configuration>
<system.web>
<httpRuntime requestValidationMode="2.0" />
<pages validateRequest="false" />
</system.web>
</configuration>
To disable for a single page, add to Web.config:
<configuration>
<system.web>
<httpRuntime requestValidationMode="2.0" />
</system.web>
</configuration>
and add to the .aspx page:
<%# Page validateRequest="false" %>
More Info: http://www.asp.net/learn/whitepapers/request-validation
I had the same issue in MVC, while I was running the site under localhost.
Simply delete the cookies.