为什么我不能修复这个错误:一个潜在危险的请求.从客户端检测到表单值(wresult="
本文关键字:wresult 表单 客户端 检测 RequestSe quot 危险 错误 不能 为什么 一个 | 更新日期: 2023-09-27 18:05:17
我已经尝试了所有关于这个错误的相关论坛,但无法找到解决方案。我已经发布了一个web应用程序到服务器,并设置了AD FS和STS认证。这个错误仍然显示以下其他论坛和添加此代码到我的网页后。配置文件:
<location path="FederationMetadata">
<system.web>
<httpRuntime requestValidationMode="2.0" />
<pages validateRequest="false" />
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
<system.web>
此应用程序位于IIS应用程序池下,设置为v4.0,应用程序本身具有3.5的目标框架。这些因素会阻止我关闭导致错误的验证请求吗?我遗漏了什么吗?我还尝试将代码添加到@page:
<%@ Page Language="C#" AutoEventWireup="true" Inherits="_Default" validateRequest="false" Codebehind="Default.aspx.cs" %>
这个web应用程序是一个简单的web表单。aspx页面嵌入。ascx用户控件,如果这有什么不同的话。我非常坚持这个错误,并将感谢任何帮助。
谢谢,
A potentially dangerous Request.Form value was detected from the client (wresult="<t:RequestSecurityTo...").
Description: ASP.NET has detected data in the request that is potentially dangerous because it might include HTML markup or script. The data might represent an attempt to compromise the security of your application, such as a cross-site scripting attack. If this type of input is appropriate in your application, you can include code in a web page to explicitly allow it. For more information, see http://go.microsoft.com/fwlink/?LinkID=212874.
Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (wresult="<t:RequestSecurityTo...").
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (wresult="<t:RequestSecurityTo...").]
System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection) +12339046
System.Web.HttpRequest.ValidateHttpValueCollection(HttpValueCollection collection, RequestValidationSource requestCollection) +203
System.Web.HttpRequest.get_Form() +100
Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.IsSignInResponse(HttpRequest request) +26
Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.CanReadSignInResponse(HttpRequest request, Boolean onPage) +145
Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args) +108
System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +92
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +165
更新评论:我使用这个代码项目作为这个站点的起点:http://www.codeproject.com/Articles/301328/ASP-NETUser-Control-File-Browser。用户控件基本上与此相同。我刚刚添加了一个搜索功能和基于文件类型的图片。我还把它变成了一个web应用程序,而不是一个网站项目。
哇。看起来这个问题的答案就在我面前。一个同事发现我的代码:
<httpRuntime requestValidationMode="2.0" />
<pages validateRequest="false" />
-没有被实现,因为它在位置标签内。一旦我从标签内部删除代码并将其放置在下面的位置,这个错误就得到了解决。标签是从STS或ADFS自动创建的,所以我想这就是为什么我这么困惑。
<system.web>
<httpRuntime requestValidationMode="2.0" />
<pages validateRequest="false" />
<authorization>
<deny users="?"/>
</authorization>
<authentication mode="None"/>
....
我最终取出validateRequest="false",并放入@page指令,如上面所示。谢谢你的评论。
本文关键字:wresult 表单 客户端 检测 RequestSe quot 危险 错误 不能 为什么 一个 | 更新日期: 2023-09-27 18:05:17
我已经尝试了所有关于这个错误的相关论坛,但无法找到解决方案。我已经发布了一个web应用程序到服务器,并设置了AD FS和STS认证。这个错误仍然显示以下其他论坛和添加此代码到我的网页后。配置文件:
<location path="FederationMetadata">
<system.web>
<httpRuntime requestValidationMode="2.0" />
<pages validateRequest="false" />
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
<system.web>
此应用程序位于IIS应用程序池下,设置为v4.0,应用程序本身具有3.5的目标框架。这些因素会阻止我关闭导致错误的验证请求吗?我遗漏了什么吗?我还尝试将代码添加到@page:
<%@ Page Language="C#" AutoEventWireup="true" Inherits="_Default" validateRequest="false" Codebehind="Default.aspx.cs" %>
这个web应用程序是一个简单的web表单。aspx页面嵌入。ascx用户控件,如果这有什么不同的话。我非常坚持这个错误,并将感谢任何帮助。
谢谢,
A potentially dangerous Request.Form value was detected from the client (wresult="<t:RequestSecurityTo...").
Description: ASP.NET has detected data in the request that is potentially dangerous because it might include HTML markup or script. The data might represent an attempt to compromise the security of your application, such as a cross-site scripting attack. If this type of input is appropriate in your application, you can include code in a web page to explicitly allow it. For more information, see http://go.microsoft.com/fwlink/?LinkID=212874.
Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (wresult="<t:RequestSecurityTo...").
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (wresult="<t:RequestSecurityTo...").]
System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection) +12339046
System.Web.HttpRequest.ValidateHttpValueCollection(HttpValueCollection collection, RequestValidationSource requestCollection) +203
System.Web.HttpRequest.get_Form() +100
Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.IsSignInResponse(HttpRequest request) +26
Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.CanReadSignInResponse(HttpRequest request, Boolean onPage) +145
Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args) +108
System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +92
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +165
更新评论:我使用这个代码项目作为这个站点的起点:http://www.codeproject.com/Articles/301328/ASP-NETUser-Control-File-Browser。用户控件基本上与此相同。我刚刚添加了一个搜索功能和基于文件类型的图片。我还把它变成了一个web应用程序,而不是一个网站项目。
哇。看起来这个问题的答案就在我面前。一个同事发现我的代码:
<httpRuntime requestValidationMode="2.0" />
<pages validateRequest="false" />
-没有被实现,因为它在位置标签内。一旦我从标签内部删除代码并将其放置在下面的位置,这个错误就得到了解决。标签是从STS或ADFS自动创建的,所以我想这就是为什么我这么困惑。
<system.web>
<httpRuntime requestValidationMode="2.0" />
<pages validateRequest="false" />
<authorization>
<deny users="?"/>
</authorization>
<authentication mode="None"/>
....
我最终取出validateRequest="false",并放入@page指令,如上面所示。谢谢你的评论。