我正在开发一个简单的 .Net 4.0 Web 服务。我创建了一种方法,它接受字符串输入。我在 Debug模式下运行该项目,以便在浏览器中打开一个页面,我可以在其中输入输入并调用服务的方法。不幸的是我收到以下错误:
System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (xmlData="<?xml version="1.0" ...").
at System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection)
at System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, RequestValidationSource requestCollection)
at System.Web.HttpRequest.get_Form()
at System.Web.Services.Protocols.HtmlFormParameterReader.Read(HttpRequest request)
at System.Web.Services.Protocols.HttpServerProtocol.ReadParameters()
at System.Web.Services.Protocols.WebServiceHandler.CoreProcessRequest()
我尝试添加
<pages validateRequest="false" />
到 web.config。它不起作用。
我能做什么?
最佳答案
我找到了解决方案:
在 .Net 4 中,您必须在
<httpRuntime requestValidationType="MyService.CustomRequestValidator" />
CustomRequestValidator 类是您必须自己添加的验证。然后只需重写 bool IsValidRequestString() 方法并返回 true 即可消除验证:
/// <summary>
/// Validates the input based on some custom rules
/// </summary>
public class CustomRequestValidator : RequestValidator
{
/// <summary>
/// Validates a string that contains HTTP request data.
/// </summary>
/// <param name="context">The context of the current request.</param>
/// <param name="value">The HTTP request data to validate.</param>
/// <param name="requestValidationSource">An enumeration that represents the source of request data that is being validated. The following are possible values for the enumeration:QueryStringForm CookiesFilesRawUrlPathPathInfoHeaders</param>
/// <param name="collectionKey">The key in the request collection of the item to validate. This parameter is optional. This parameter is used if the data to validate is obtained from a collection. If the data to validate is not from a collection, <paramref name="collectionKey"/> can be null.</param>
/// <param name="validationFailureIndex">When this method returns, indicates the zero-based starting point of the problematic or invalid text in the request collection. This parameter is passed uninitialized.</param>
/// <returns>
/// true if the string to be validated is valid; otherwise, false.
/// </returns>
protected override bool IsValidRequestString(HttpContext context, string value, RequestValidationSource requestValidationSource, string collectionKey, out int validationFailureIndex)
{
// Set a default value for the out parameter.
validationFailureIndex = -1;
return true;
// // All other HTTP input checks are left to the base ASP.NET implementation.
// return base.IsValidRequestString(
// context,
// value,
// requestValidationSource,
// collectionKey,
// out validationFailureIndex);
}
}
}
关于.net - Web 服务不接受输入,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/3070642/