i am following the example at http://msdn.microsoft.com/en-us/library/system.web.util.requestvalidator.aspx but it doesn't seem to work and i still get error. Here is my class and how i add it to webconfig
my webconfig:
<httpRuntime requestValidationType="CustomRequestValidation"/>
my class:
public class CustomRequestValidation : RequestValidator
{
public CustomRequestValidation() { }
protected override bool IsValidRequestString(HttpContext context, string value, RequestValidationSource requestValidationSource, string collectionKey, out int validationFailureIndex)
{
validationFailureIndex = -1;
if (requestValidationSource == RequestValidationSource.Path)
{
// value "&","=" allowed.
if (value.Contains("&") || value.Contains("="))
{
validationFailureIndex = -1;
return true;
}
else
{
//Leave any further checks to ASP.NET.
return base.IsValidRequestString(context, value, requestValidationSource, collectionKey, out validationFailureIndex);
}
}
else
{
return base.IsValidRequestString(context, value, requestValidationSource, collectionKey, out validationFailureIndex);
}
}
}
Error details are:
System.Web.HttpException
A potentially dangerous Request.Path value was detected from the client (=).
System.Web.HttpException (0x80004005): A potentially dangerous Request.Path value was detected from the client (:).
at System.Web.HttpRequest.ValidateInputIfRequiredByConfig()
at System.Web.HttpApplication.ValidateRequestExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
I had this issue too and adding this to the web.config resolved the issue.
By Default, .Net 4.0 rejects all requests with <>*%&:\? characters which may be causing the issue for you like it was for me.
[ConfigurationProperty("requestPathInvalidCharacters", DefaultValue=@"<,>,*,%,&,:,\,?")] public string RequestPathInvalidCharacters { get; set; }