Recently I was working on my MVC3 ASP.NET Web Role application (Using Windows Azure Tools August 2011 Update based MVC3 template) which is interacting with App Fabric ACSv2 and I hit the following error:
Server Error in ‘/’ Application.
A potentially dangerous Request.Form value was detected from the client (wresult=”<t:RequestSecurityTo…”).
Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. To allow pages to override application request validation settings, set the requestValidationMode attribute in the httpRuntime configuration section to requestValidationMode=”2.0″. Example: <httpRuntime requestValidationMode=”2.0″ />. After setting this value, you can then disable request validation by setting validateRequest=”false” in the Page directive or in the <pages> configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case. For more information, see http://go.microsoft.com/fwlink/?LinkId=153133.
Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (wresult=”<t:RequestSecurityTo…”).
So if you get this error, don’t freak out…
The main reason for this problem can be found in your configuration. The web service was invoked where a parameter included an XML tag as below:
You can solve this problem two ways:
Solution #1: Turn off request validation
Configure your web.config to add the following:
<pages validateRequest=”false” />
You also need to use the following setting in your ASP.NET 4 application’s web.config to solved this problem:
<httpRuntime requestValidationMode=”2.0″ />
Solution #2: Create a custom class to handle validation
Please create a customer validator clad and add the following line in the web.config:
<httpRuntime requestValidationType=”CustomRequestValidator” />
To learn how to write a custom request validation handler, please follow the link below:
Above link is the best information to follow up on this regard.