I'm getting errors with an application on our test web server, which has .NET 4.0 installed, when I input HTML into a form. I get the usual errors of:
A potentially dangerous Request.Form value was detected from the client
This is being caused by the change in .NET 4.0 that disables switching off automatic validation for HTML input. I can fix this on my local development machine by adding the
<httpRuntime requestValidationMode="2.0" />
directive to the <system.web>
section of my root web.config, and .NET then honours the <pages validateRequest="false" />
directive that's in the same root web.config. Strangely, I needed to restart IIS on my local machine (which is version 5.1) for this change to work.
When I deploy the root web.config to our test server however, I'm still getting the validation errors. I've tried using run > iisreset
, stopping and starting IIS (which is version 6.0 on the test server), and I've even restarted the server to fully clear out .NET. My application is definitely picking up the new root web.config (I've tested this), however the <httpRuntime requestValidationMode="2.0" />
directive seems to just be ignored.
My application is configured as a .NET 4.0 application on both my local machine and on the test server. I've tried rebuilding the application and redeploying it to the test web server. Can anyone suggest what I need to do to get this working?
Thanks in advance, Chris
If you are using MVC3, Try adding a global filter in
Global.asax.cs
.