A potentially dangerous Request.Form value was detected from the client - asp.net

I am not able to get the actual cause of this error in my web application. I am using IIS 7.0 and .NET Framework 4.0.

You have entered HTML tags in the input field.
Put validateRequest="false" in your page directive or web.config file.
http://msdn2.microsoft.com/en-us/library/ms972967.aspx

You're posting some values that are or resemble HTML. Are you using ASP.NET MVC? If so, I blogged a solution here: specify the attribute ValidateInput(false) on the controller method and everything will work.
But make sure this is the right solution. Does your app allow posting of HTML? If so, this is what you need to do; if not, you're just opening a security loophole.

Related

Allow CMS user to add HTML to sql database row?

I'd like to let my user add HTML to an entry in a SQL Server table using the CMS, but I keep getting the warning:
System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (ctl00$MainContent$TextBox2="<p>We...
What is the best way to allow HTML to be added to my CMS?
Many thanks
You can enable/disable request validation on a per control, per page, or on application level.
See http://www.asp.net/learn/whitepapers/request-validation for more info.
Be aware that if you're using asp.net 4.0 you might have to set the requestValidationMode as well (see ValidateRequest="false" doesn't work in Asp.Net 4)
ASP.NET automatically tests forms for input of potentially dangerous characters (pretty much anything HTML...). To get around this you can ValidateRequest="false" at either the page or app level (in web.config), but then you will need to manually clean the HTML yourself to ensure that no malicious code is injected. The best article on code cleaning I've seen is http://wonko.com/post/html-escaping .
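A scoped form of the setting the answers above describe, as an added example that is not part of the original answers: request validation is relaxed for the single CMS edit page instead of the whole application. The path Admin/EditEntry.aspx is a hypothetical page name.

```xml
<!-- web.config (added example; Admin/EditEntry.aspx is a hypothetical path) -->
<configuration>

  <!-- Application-wide: request validation stays at its defaults.
       Weak variant to avoid: placing the two settings from the
       <location> block below directly under this root <system.web>,
       which turns validation off for every page in the application. -->
  <system.web>
    <compilation targetFramework="4.0" />
  </system.web>

  <!-- Only the CMS edit page accepts HTML in its form fields. -->
  <location path="Admin/EditEntry.aspx">
    <system.web>
      <!-- ASP.NET 4.0: revert to the 2.0 behaviour for this path so the
           validateRequest setting below is honoured. -->
      <httpRuntime requestValidationMode="2.0" />
      <!-- Turn request validation off for this path only. -->
      <pages validateRequest="false" />
    </system.web>
  </location>

</configuration>
```

With validation off for this page, the submitted HTML still has to be cleaned or encoded by the application before it is stored and rendered, as the last answer says.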

Viewstate Error in webpage

The following error occurs when my webpage is idle for more than 5 min.
Error: Sys.WebForms.PageRequestManagerServerErrorException: Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.
Source File: http://www.dial4jobz.com/ScriptResource.axd?d=Xl5p0QQ_qaR3K9bIVhwC3LyqjOX_oAKyeLj_-uS5j1VoFExVtm3XAHiq64EGJt04xntLJvh-9y3pvN3dvKgg5b6sQwkFvX7GT4f0aKn7iyc1&t=73e6f815
I don't know what the cause of this error is. I'll open a web page and after 5 min, when I'm accessing it, it shows this sort of error. I don't have any clue why this error occurs. Please give me any idea?
Use the code below and try:
<pages validateRequest="false" enableEventValidation="false" viewStateEncryptionMode="Never" />
If you need more info, kindly refer to the links below:
http://blogs.msdn.com/tom/archive/2008/03/14/validation-of-viewstate-mac-failed-error.aspx
http://forums.asp.net/p/955145/1173230.aspx
I had the same issue. These are the two solutions I found that might help if you are not using a WebFarm:
1. Disable ViewState MAC
On your page (.aspx) @Page directive you can add the attribute EnableViewStateMac="false". Doing this will disable the check and then the issue will go away.
Unfortunately Microsoft doesn't recommend doing this for security reasons:
This attribute should never be set to false in a production Web site,
even if the application or page does not use view state. The view
state MAC helps ensure the security of other ASP.NET functions in
addition to view state.
Source: Microsoft
2. Check HTML
There is a bug in ASP.Net causing this issue when the "action" attribute is set in your <form> tag. For example:
<form runat="server" action="page.aspx">
Removing this attribute will remove the issue, so you should now have something like:
<form runat="server">
Obviously this solution may raise other issues, it depends on your application. One big problem is when using Ajax to load pages.
3. Avoid ViewStates
In some cases when using Ajax it could be very easy to get rid of ViewStates. You can send Ajax requests to your server for performing operations and then display the result, no need to use a ViewState. By doing this you won't have an issue about the ViewState validation.
I also found other suggestions on those pages that might help you if what is said above doesn't fix your problem.
Hi vaishu,
Have a look at this validation-of-viewstate-mac-failed-error
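The configuration the error message itself asks for, as an added example that is not part of the original answers: an explicit machineKey shared by every server, shown beside the switches suggested above. The key values are placeholders, and HMACSHA256 (available from ASP.NET 4.0) and AES are assumed algorithm choices.

```xml
<!-- web.config (added example; key values are placeholders, not real keys) -->
<configuration>
  <system.web>

    <!-- Variants suggested in the answers, shown for contrast only:
           <pages validateRequest="false" enableEventValidation="false"
                  viewStateEncryptionMode="Never" />
           <%@ Page EnableViewStateMac="false" %>
         These switch protections off rather than making the keys match. -->

    <!-- Same validationKey, decryptionKey and algorithms on every server
         in the farm, so a view state MAC issued by one node validates on
         the others. Generate the keys with a cryptographic random source
         and keep them out of source control. -->
    <machineKey
        validationKey="REPLACE_WITH_GENERATED_HEX_VALIDATION_KEY"
        decryptionKey="REPLACE_WITH_GENERATED_HEX_DECRYPTION_KEY"
        validation="HMACSHA256"
        decryption="AES" />

    <!-- enableViewStateMac, enableEventValidation and validateRequest are
         left at their defaults (on); Auto is the default encryption mode. -->
    <pages viewStateEncryptionMode="Auto" />

  </system.web>
</configuration>
```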

How to construct expandable website structure?

Hi,
I have an ASP.NET website I created from scratch and it now looks a big mess. I want to reorganize this but don't know a good way to do it. Some look fine at first but later cause trouble with the master page, image paths...
Now I'm thinking of 2 ways:
Using UrlWriter: but it seems to lead to a bulk of path rewrites and usually leads to Resource not found or something
Using a page as main entry and using Server.Transfer to pull the right page content, regardless of its location
Which is better? Do you have another method?
Please help!
There's another approach, System.Web.Routing, added in ASP.NET 3.5 SP1. Basically, you implement the IRouteHandler interface and manually route the request to an appropriate handler.
This is how ASP.NET MVC handles request routing. There's a guide here that uses it for Web forms.
By the way, consider looking at ASP.NET MVC and check if it's appropriate for your situation.

Does anyone know how to get rid of the jsdebug requests from my .net web service

We have an Ajax listprovider for typeahead text fields in our webform site. Every page now requests a listprovider.asmx/jsdebug with no caching parameters etc.
How do we turn that off?
You need to make sure that the debug attribute is set to false in your web.config, it is part of the compilation element in system.web.
Hope that helps...
Steve

Can I use Ajax and ASP.NET Tracing on the same page?

I'm using an Ajax update panel and have recently added ASP.NET tracing code to aid in debugging. All of a sudden I started getting PageRequestManagerParseErrorExceptions when any Ajax code is executed.
For example:
Trace.Write("Done setting employeeId.");
Apparently this is because I am not allowed to use "server tracing" along with Ajax. (according to this post by Eilon Lipton).
Is this true? Am I not allowed to use the awesome ASP.NET tracing mechanism? It would be a shame.
Setting pageOutput="false" on the trace element in web.config seems to solve the problem.
Use ASP.NET tracing, but rather write to the normal diagnostics trace by setting the writeToDiagnosticsTrace attribute to "true" (this is on the trace element in your web.config file).
