Click here to Skip to main content
15,860,972 members
Articles / Web Development / ASP.NET
Tip/Trick

ASP.NET 4.0 potentially dangerous Request.Form value was detected

Rate me:
Please Sign up or sign in to vote.
4.88/5 (50 votes)
6 Feb 2013CPOL1 min read 580K   27   56
If anyone enters non-encoded HTML content into a text box in an ASP.NET application.

A few days ago, while working on an ASP.NET 4.0 Web project, I got an issue. The issue was, when user enters non-encoded HTML content into a comment text box s/he got something like the following error message:

"A potentially dangerous Request.Form value was detected from the client".

This was because .NET detected something in the entered text which looked like an HTML statement. Then I got a link Request Validation, that is a feature put in place to protect your application cross site scripting attack and followed accordingly.

To disable request validation, I added the following to the existing "page" directive in that .aspx file.

ValidateRequest="false"

But I still got the same error. Later I found that, for .NET 4, we need to add requestValidationMode="2.0" to the httpRuntime configuration section of the web.config file like the following:

XML
<httpRuntime requestValidationMode="2.0"/>

But if there is no httpRuntime section in the web.config file, then this goes inside the <system.web> section.

If anyone wants to turn off request validation globally for a user, the following line in the web.config file within <system.web> section will help:

XML
<pages validateRequest="false" />  

Note: But always avoid the last example because there is a huge security issue. The request validation feature in ASP.NET provides a certain level of default protection against cross-site scripting (XSS) attacks.

However, we recommend that you analyze any request validation errors to determine whether existing handlers, modules, or other custom code accesses potentially unsafe HTTP inputs that could be XSS attack vectors.

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


Written By
Software Developer (Senior)
Singapore Singapore
A life-long-learner, maker and soft music fan. Likes building things to solve problems. Years of successful records serving mid and large scale .NET applications in domestic and international client environment. Expertise in different areas of software development life cycles and Software Architecture.

Always looks for new technology and loves to get hands dirty Smile | :)

Comments and Discussions

 
QuestionA potentially dangerous Request.Form value was detected from the client in asp.net Pin
monika salunkhe13-Jan-16 2:49
monika salunkhe13-Jan-16 2:49 
QuestionQuestions Pin
Member 88831-Jan-15 2:19
Member 88831-Jan-15 2:19 
GeneralMy vote of 5 Pin
Humayun Kabir Mamun14-Jan-15 2:59
Humayun Kabir Mamun14-Jan-15 2:59 
Questionquestion Pin
Ehsan yazdani rad14-Jul-14 2:57
Ehsan yazdani rad14-Jul-14 2:57 
GeneralMy vote of 5 Pin
Pratik Bhuva6-Mar-14 22:50
professionalPratik Bhuva6-Mar-14 22:50 
GeneralMessage Closed Pin
20-Feb-14 18:15
samunder20-Feb-14 18:15 
Questionthanks dear Pin
rajveersingh24-Jan-14 0:31
rajveersingh24-Jan-14 0:31 
QuestionThanks... Pin
Member 995208821-Oct-13 20:04
professionalMember 995208821-Oct-13 20:04 
Questionthanks great Pin
Himanshu Kamothi24-Jul-13 3:54
Himanshu Kamothi24-Jul-13 3:54 
AnswerRe: thanks great Pin
Monjurul Habib24-Jul-13 8:29
professionalMonjurul Habib24-Jul-13 8:29 
GeneralMy vote of 5 Pin
dpalash2-May-13 3:14
professionaldpalash2-May-13 3:14 
GeneralRe: My vote of 5 Pin
Monjurul Habib24-Jul-13 8:28
professionalMonjurul Habib24-Jul-13 8:28 
GeneralMy vote of 3 Pin
DrTJ20668-Mar-13 4:23
DrTJ20668-Mar-13 4:23 
QuestionBest of both worlds Pin
Isaac Shloss26-Dec-12 10:04
Isaac Shloss26-Dec-12 10:04 
AnswerRe: Best of both worlds Pin
minLVwang9-Jan-13 16:28
minLVwang9-Jan-13 16:28 
QuestionPartially dangerous solution! Pin
Jurisfox9-Nov-12 1:23
Jurisfox9-Nov-12 1:23 
AnswerRe: Partially dangerous solution! Pin
Monjurul Habib9-Nov-12 10:06
professionalMonjurul Habib9-Nov-12 10:06 
GeneralMy vote of 5 Pin
TheGroobster8-Nov-12 3:28
TheGroobster8-Nov-12 3:28 
GeneralRe: My vote of 5 Pin
Monjurul Habib8-Nov-12 7:54
professionalMonjurul Habib8-Nov-12 7:54 
QuestionGreat Solution!!!!! Pin
nickT.Tnick18-Oct-12 22:07
nickT.Tnick18-Oct-12 22:07 
AnswerRe: Great Solution!!!!! Pin
Monjurul Habib19-Oct-12 6:37
professionalMonjurul Habib19-Oct-12 6:37 
GeneralMy vote of 5 Pin
Ajith_joseph3-Aug-12 0:46
Ajith_joseph3-Aug-12 0:46 
GeneralRe: My vote of 5 Pin
Monjurul Habib3-Aug-12 2:31
professionalMonjurul Habib3-Aug-12 2:31 
thanks.
Premature optimization is the root of all evil in programming.
--C.A.R. Hoare

Generaltanx Pin
Behzad Habibzadeh11-Jul-12 1:21
Behzad Habibzadeh11-Jul-12 1:21 
GeneralRe: tanx Pin
Monjurul Habib3-Aug-12 2:31
professionalMonjurul Habib3-Aug-12 2:31 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.