A potentially dangerous Request.Form value was detected from the client (wresult="<trust:RequestSecuri...")
23,240
Solution 1
<httpRuntime requestValidationMode="2.0"/>
after this add
<configuration>
<system.web>
<pages validateRequest="false" />
</system.web>
</configuration>
also in mvc3 there is an AllowHtml attribute
[AllowHtml]
public string Property{ get; set; }
here are some useful links
ASP.NET MVC – pages validateRequest=false doesn’t work?
Why is ValidateInput(False) not working?
Solution 2
See this answer if you are running .NET 4.5 which takes advantage of an updated request validator built in to ASP.NET.
![pierreshiny](https://lh3.googleusercontent.com/-XdUIqdMkCWA/AAAAAAAAAAI/AAAAAAAAAAA/4252rscbv5M/photo.jpg?sz=256)
Author by
pierreshiny
I like working with smart people to build awesome products.
Updated on March 20, 2020Comments
-
pierreshiny over 4 years
I am also getting a request validation error when using WIF. I get correctly sent to the STS, but on the way back, I get this validation error.
I followed all the instructions.
<httpRuntime requestValidationMode="2.0" />
check!
[ValidateInput(false)]
check!
<pages validateRequest="false" >
check!
I tried a custom validator, but it never gets instantiated.
Error stack:
[HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (wresult="trust:RequestSecuri...").] System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection) +11396740 System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, RequestValidationSource requestCollection) +82 System.Web.HttpRequest.get_Form() +212 Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.IsSignInResponse(HttpRequest request) +26 Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.CanReadSignInResponse(HttpRequest request, Boolean onPage) +145 Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args) +108 System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +80 System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +270
Any suggestions?
-
pierreshiny over 12 yearsSorry, edited to note that I do have pages validateRequest = false.
-
kolin over 12 yearsThe AllowHtml attribute worked for me when this problem arose.
-
Jason Foglia over 10 yearsUsing Web Forms, What happen's if I didn't want to turn of request validation for the entire site? MVC has a nice way to allow this for an object property, what about Web Forms.
-
Rafay over 10 years@JasonFoglia this post may help resolve your problem stackoverflow.com/a/8017318/413670