asp.net 4 custom request validator doesn't seem to work

2.9k views Asked by At

i am following the example at http://msdn.microsoft.com/en-us/library/system.web.util.requestvalidator.aspx but it doesn't seem to work and i still get error. Here is my class and how i add it to webconfig

my webconfig:

     <httpRuntime requestValidationType="CustomRequestValidation"/>

my class:

public class CustomRequestValidation : RequestValidator
{
public CustomRequestValidation() { }
protected override bool IsValidRequestString(HttpContext context, string value,   RequestValidationSource requestValidationSource, string collectionKey, out int validationFailureIndex)
{
    validationFailureIndex = -1;
    if (requestValidationSource == RequestValidationSource.Path)
    {
        // value "&","="  allowed.
        if (value.Contains("&") || value.Contains("="))
        {
            validationFailureIndex = -1;
            return true;
        }
        else
        {
            //Leave any further checks to ASP.NET.           
            return base.IsValidRequestString(context, value, requestValidationSource, collectionKey, out validationFailureIndex);
        }
    }
    else
    {
        return base.IsValidRequestString(context, value, requestValidationSource, collectionKey, out validationFailureIndex);
    }

   }
 }

Error details are:

System.Web.HttpException
A potentially dangerous Request.Path value was detected from the client (=).
System.Web.HttpException (0x80004005): A potentially dangerous Request.Path value was detected from the client (:).
   at System.Web.HttpRequest.ValidateInputIfRequiredByConfig()
   at System.Web.HttpApplication.ValidateRequestExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
2

There are 2 answers

1
Chad Grant On

I had this issue too and adding this to the web.config resolved the issue.

<httpRuntime requestPathInvalidCharacters="" />

By Default, .Net 4.0 rejects all requests with <>*%&:\? characters which may be causing the issue for you like it was for me.

[ConfigurationProperty("requestPathInvalidCharacters", DefaultValue=@"<,>,*,%,&,:,\,?")] public string RequestPathInvalidCharacters { get; set; }

0
Pradip Jalu On

Please try with adding namespace in requestValidationType

requestValidationType="CustomControlTest.CustomRequestValidator"

Here CustomControlTest is the namespace.