我已尝试了所有方法并阅读了所有与此错误相关的论坛,但找不到解决方案。我已将 Web 应用程序发布到服务器,并使用 AD FS 和 STS 身份验证对其进行设置。在关注其他论坛并将此代码添加到我的 web.config 文件后,此错误仍然显示:
<location path="FederationMetadata">
<system.web>
<httpRuntime requestValidationMode="2.0" />
<pages validateRequest="false" />
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
<system.web>
此应用程序位于设置为 v4.0 的 IIS 应用程序池下,应用程序本身的目标框架为 3.5。这些因素是否会阻止我关闭导致错误的验证请求?我在这里错过了什么吗? 我还尝试将代码添加到@page:
<%@ Page Language="C#" AutoEventWireup="true" Inherits="_Default" validateRequest="false" Codebehind="Default.aspx.cs" %>
此 Web 应用程序是一个简单的 Web 表单 .aspx 页面,其中嵌入了 .ascx 用户控件(如果这有什么不同的话)。我对这个错误非常困惑,希望得到任何帮助。
谢谢
A potentially dangerous Request.Form value was detected from the client (wresult="<t:RequestSecurityTo...").
Description: ASP.NET has detected data in the request that is potentially dangerous because it might include HTML markup or script. The data might represent an attempt to compromise the security of your application, such as a cross-site scripting attack. If this type of input is appropriate in your application, you can include code in a web page to explicitly allow it. For more information, see http://go.microsoft.com/fwlink/?LinkID=212874.
Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (wresult="<t:RequestSecurityTo...").
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (wresult="<t:RequestSecurityTo...").]
System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection) +12339046
System.Web.HttpRequest.ValidateHttpValueCollection(HttpValueCollection collection, RequestValidationSource requestCollection) +203
System.Web.HttpRequest.get_Form() +100
Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.IsSignInResponse(HttpRequest request) +26
Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.CanReadSignInResponse(HttpRequest request, Boolean onPage) +145
Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args) +108
System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +92
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +165
评论更新: 我已使用此代码项目作为此站点的起点:http://www.codeproject.com/Articles/301328/ASP-NETUser-Control-File-Browser 。用户控件与此基本相同。我刚刚添加了基于文件类型的搜索功能和图片。我还将其更改为 Web 应用程序而不是网站项目。
最佳答案
哇。看来这个问题的答案就在我的面前。一位同事能够找到我的代码:
<httpRuntime requestValidationMode="2.0" />
<pages validateRequest="false" />
- 没有被实现,因为它位于位置标记内。一旦我从该标签内删除代码并将其放置在下面的位置,这个错误就得到了处理。该标签也是从 STS 或 ADFS 自动创建的,所以我想这就是我如此困惑的原因。
<system.web>
<httpRuntime requestValidationMode="2.0" />
<pages validateRequest="false" />
<authorization>
<deny users="?"/>
</authorization>
<authentication mode="None"/>
....
我最终取出了 validateRequest="false"并放入了 @page 指令,如上面所示。谢谢你的意见。
关于c# - 为什么我无法修复错误 : A potentially dangerous Request. 从客户端检测到表单值(结果 ="<t:RequestSecurityTo..."),我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/31685796/