I have published a InfoPath form as content type and referenced it in a document library. However when i try to open the InfoPath form from the document library i get the following error message:
Requested registry access is not allowed. at System.ThrowHelper.ThrowSecurityException(ExceptionResource resource)
at Microsoft.Win32.RegistryKey.OpenSubKey(String name, Boolean writable)
at Microsoft.Win32.RegistryKey.OpenSubKey(String name)
at Microsoft.Win32.Registry.GetValue(String keyName, String valueName, Object defaultValue)
at Microsoft.Office.InfoPath.Server.Runtime.FormServer.<>c__DisplayClass1.b__0()
at Microsoft.Office.Server.Security.SecurityContext.RunAsProcess(CodeToRunElevated secureCode)
at Microsoft.Office.InfoPath.Server.Runtime.FormServer.DeterminePremiumSku()
at Microsoft.Office.InfoPath.Server.Runtime.FormServer.get_IsPremium()
at Microsoft.Office.InfoPath.Server.Controls.FormServerPage.OnInit(EventArgs e)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest()
at System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context)
at System.Web.UI.Page.ProcessRequest(HttpContext context)
at Microsoft.Office.InfoPath.Server.Controls.FormServerPage.ProcessRequest(HttpContext context)
at ASP._layouts_formserver_aspx.ProcessRequest(HttpContext context)
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
I got this message as well. It turned out my MOSS 2007 copy had reverted to trial mode. After making the registry changes outlined here I got the following message after refreshing the page: The trial period for this product has expired.
I entered the license key again in Central Administration and everything started to work again.
Related
this is the exception
System.Web.HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (ctl00$ContentPlaceHolder1$txtCodeFormate="<a href="%%strpath%%...").
at System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection)
at System.Web.HttpRequest.ValidateHttpValueCollection(HttpValueCollection collection, RequestValidationSource requestCollection)
at System.Web.HttpRequest.get_Form()
at System.Web.HttpRequest.get_HasForm()
at System.Web.UI.Page.GetCollectionBasedOnMethod(Boolean dontReturnNull)
at System.Web.UI.Page.DeterminePostBackMode()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest()
at System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context)
at System.Web.UI.Page.ProcessRequest(HttpContext context)
at ASP.ccadmin_cms_setup_aspx.ProcessRequest(HttpContext context)
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
Till now I've tried following options,
<httpRuntime targetFramework="4.5" requestValidationMode="2.0" />
<pages validateRequest="false" enableEventValidation="false"></pages>
FYI, its working fine in local, but when I deploy it on server its not working properly,
Do I need to work on something at IIS ?
I believe your question with all options answered here.
Have you tried the following after you modify Web.config?
Option 1: On the model add this attribute to each property that you need to allow HTML - best choice
[AllowHtml]
Option 2: On the controller action add this attribute to allow all HTML
[ValidateInput(false)]
Okay so, I have been given the responsibility to migrate a website with multiple applications to another server. That migration went well (all applications working). However, the performance of that new server was sub par (whole other story). We decided to migrate it again. This time everything is working very well-- except one application.
It worked just fine on the first and second IIS servers, but is refusing to cooperate this time around.
I've mirrored all the config settings that I could find from the working server:
windows authentication enabled: check
Impersonation disabled: check
applicationpool settings match: check
I just don't know what I'm missing; why would it work on one server, but not the other.
An operations error occurred.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Runtime.InteropServices.COMException: An operations error occurred.
Source Error:
Line 9: Dim myUsername As String = Right(User.Identity.Name, Len(User.Identity.Name) - InStr(User.Identity.Name, "\"))
Line 10: Dim ctx = New PrincipalContext(ContextType.Domain)
Line 11: Dim myUser = UserPrincipal.FindByIdentity(ctx, myUsername)
Line 12: hfValid.Value = "false"
Line 13: For Each gp As GroupPrincipal In myUser.GetAuthorizationGroups
Source File: D:\mghnet1\isOnCall\Default.aspx.vb Line: 11
COMException (0x80072020): An operations error occurred
System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) +378142
System.DirectoryServices.DirectoryEntry.Bind() +36
System.DirectoryServices.DirectoryEntry.get_AdsObject() +31
System.DirectoryServices.PropertyValueCollection.PopulateList() +26
System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName) +49
System.DirectoryServices.PropertyCollection.get_Item(String propertyName) +150
System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInitNoContainer() +1114
System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit() +37
System.DirectoryServices.AccountManagement.PrincipalContext.Initialize() +112
System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx() +31
System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate) +14
System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithType(PrincipalContext context, Type principalType, String identityValue) +73
System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(PrincipalContext context, String identityValue) +28
_Default.Page_Load(Object sender, EventArgs e) in D:\mghnet1\isOnCall\Default.aspx.vb:11
System.Web.UI.Control.OnLoad(EventArgs e) +99
System.Web.UI.Control.LoadRecursive() +50
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +627
Version Information: Microsoft .NET Framework Version:2.0.50727.5466; ASP.NET Version:2.0.50727.5456
Please help, none of the other forum posts I've found have posted solutions that work for me.
I am experiencing an issue with a web app that is frequently spewing out the following style error with just a single aspx page:
Browser: IE
Url Referrer: redacted
User Host 1.1.1.1
User Host Name: 1.1.1.1
Last Error: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (ctl11$lbl="...na Redacte w..."). at System.Web.HttpRequest.ValidateString(String s, String valueName, String collectionName) at System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, String collectionName) at System.Web.HttpRequest.get_Form() at System.Web.HttpRequest.get_HasForm() at System.Web.UI.Page.GetCollectionBasedOnMethod(Boolean dontReturnNull) at System.Web.UI.Page.DeterminePostBackMode() at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) at System.Web.UI.Page.ProcessRequest() at System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) at System.Web.UI.Page.ProcessRequest(HttpContext context) at ASP.pages_front_closingques_default_aspx.ProcessRequest(HttpContext context) at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
Stack Trace: at System.Web.HttpRequest.ValidateString(String s, String valueName, String collectionName) at System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, String collectionName) at System.Web.HttpRequest.get_Form() at System.Web.HttpRequest.get_HasForm() at System.Web.UI.Page.GetCollectionBasedOnMethod(Boolean dontReturnNull) at System.Web.UI.Page.DeterminePostBackMode() at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) at System.Web.UI.Page.ProcessRequest() at System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) at System.Web.UI.Page.ProcessRequest(HttpContext context) at ASP.pages_front_closingques_default_aspx.ProcessRequest(HttpContext context) at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
Source: System.Web
Message: A potentially dangerous Request.Form value was detected from the client (ctl11$lbl="...na Redacte w...").
Normally, I would suspect that the user must have done something dumb like put an HTML tag in there, but this happens frequently and no HTML tags are reported in the email.
I know that I can turn off ValidateRequest using the RequestValidation="false" Page directive, but that is also undesirable because I want some validation, just not over-sensitive validation.
Is there some way I can override the default implementation of ValidateRequest? Has anybody run into ValidateRequest erroneously producing errors before? Finally, does anybody know what the implementation of ValidateRequest even looks like?
Since you say that the false positives are coming from just the one page, I would keep the site level web.config setting enabled, and disable the page level validation for just this page.
Then you need to take responsibility for user input on the page:
Do your own (server side) validation on all fields, e.g. regex etc.
Sanitize any data known to be user originated input before writing it out, e.g. with WPL.
I have two servers on IIS6 where load balancing is done by a load balancing hardware. When a response is provided Server 1 and the postback is handled by Server 2 it always gets an error The state information is invalid for this page and might be corrupted and underneath Invalid viewstate on almost every postback when requests are handled by alternative servers. If I turn off one of the server then it seems to be working fine.
I have checked the decryptionKey and validationKey are both exactly same on the both server deployment, and also wth enableEventValidation="false" and enableViewStateMac="false". There was no luck with all sorts of solutions available provided by Google :P
Please check the stack trace below where exception occurs at HiddenFieldPageStatePersister.Load() followed by Page.LoadPageStateFromPersistenceMedium().
[ViewStateException: Invalid viewstate.
Client IP: 192.168.5.21
Port: 60042
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
ViewState: {VIEWSTATE DATA}
[HttpException (0x80004005): The state information is invalid for this page and might be corrupted.]
System.Web.UI.ViewStateException.ThrowError(Exception inner, String persistedState, String errorPageMessage, Boolean macValidationError) +118
System.Web.UI.ViewStateException.ThrowViewStateError(Exception inner, String persistedState) +13
System.Web.UI.HiddenFieldPageStatePersister.Load() +222
System.Web.UI.Page.LoadPageStateFromPersistenceMedium() +107
System.Web.UI.Page.LoadAllState() +43
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +6230
System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +247
System.Web.UI.Page.ProcessRequest() +79
System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) +23
System.Web.UI.Page.ProcessRequest(HttpContext context) +111
OrderJourneyDefault.ProcessRequest(HttpContext context) in C:\inetpub\wwwroot\x\Default.aspx.cs:350
ASP.toj_application_orderjourney_default_aspx.ProcessRequest(HttpContext context) in c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\82a64fa9\62e4fa0\App_Web_31vcm2al.0.cs:0
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +406
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +76
NOTE: There's no AJAX/Javascript related things to mess up my application.
Thanks in advance.
Munim
We have an ASP.NET web forms application which occasionally generates a validation error like below.
What can be the reason for this?
A validation error has occurred.
Exception type: System.Web.HttpRequestValidationException
Exception message: A potentially dangerous Request.QueryString value
was detected from the client
(_TSM_CombinedScripts_="... </div> ...").
Request URL: https://...:443/Default.aspx?_TSM_HiddenField_=
ctl00_sm1_HiddenField&_TSM_CombinedScripts_=
%3b%3bAjaxControlToolkit%2c+Version%3d3.5.11119.20050%2c
+Culture%3dneutral%2c
+PublicKeyToken%3d28f01b0e8%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20
%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20
</div>%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20<div%20class=
Stack trace: at System.Web.HttpRequest.ValidateString(String s, String valueName, String collectionName)
at System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, String collectionName)
at System.Web.HttpRequest.get_QueryString()
at System.Web.UI.Page.GetCollectionBasedOnMethod(Boolean dontReturnNull)
at System.Web.UI.Page.DeterminePostBackMode()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest()
at System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context)
at System.Web.UI.Page.ProcessRequest(HttpContext context)
at ASP.user_default_aspx.ProcessRequest(HttpContext context)
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
More details:
I do not think it is a 'malicious' request, but is due to some incorrect handling of this script link. If so, how to handle that?
The following script block is in the generated html source for the page in question:
<script src="/Default.aspx?_TSM_HiddenField_=
ctl00_sm1_HiddenField&_TSM_CombinedScripts_=
%3b%3bAjaxControlToolkit%2c+Version%3d3.5.11119.20050%2c
+Culture%3dneutral%2c
+PublicKeyToken%3d28f01c0e84b6d53e%3aen%3a7e147239-dd05-47b0-7fb3-
f743a139f982%3be2e86bf9%3a1aa13a87%3a8ccd9c1b%3a9ea3f0e2%3a9e7e87e9
%3a4c9865be%3aba594826%3ac4c00916%3a630bb7c2%3af442e939"
type="text/javascript"></script>
ASP.NET does not allow any HTML (basically a list of potentially dangerous values) in a Querystring or Form field value by default. This is set by the #Page directive's ValidateRequest attribute (true by default).
You could turn the feature off, but it will open you up to XSS attacks. The better method is to make sure that all your querystrings are properly URL-encoded.
In your case, it appears to be the </div> tag that is causing the problem. If this querystring is being created via Javascript, I would suggest the use of the encodeURIComponent() function to encode values.