A potentially dangerous Request.Form value was detected from the client (wresult="<trust:RequestSecuri...")

asp.net-mvc-3 wif single-sign-on
23,240

Solution 1

<httpRuntime requestValidationMode="2.0"/>

after this add

<configuration>
    <system.web>
        <pages validateRequest="false" />
    </system.web>
</configuration>

also in mvc3 there is an AllowHtml attribute

[AllowHtml]
public string Property{ get; set; }

here are some useful links

ASP.NET MVC – pages validateRequest=false doesn’t work?

Why is ValidateInput(False) not working?

Solution 2

See this answer if you are running .NET 4.5 which takes advantage of an updated request validator built in to ASP.NET.

Share:
23,240
pierreshiny
Author by

pierreshiny

I like working with smart people to build awesome products.

Updated on March 20, 2020

Comments

  • pierreshiny
    pierreshiny over 4 years

    I am also getting a request validation error when using WIF. I get correctly sent to the STS, but on the way back, I get this validation error.

    I followed all the instructions. 

    <httpRuntime  requestValidationMode="2.0" />

    check!

        [ValidateInput(false)]

    check!

    <pages validateRequest="false" >

    check!

    I tried a custom validator, but it never gets instantiated.

    Error stack:

    [HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (wresult="trust:RequestSecuri...").]
   System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection) +11396740
   System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, RequestValidationSource requestCollection) +82
   System.Web.HttpRequest.get_Form() +212
   Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.IsSignInResponse(HttpRequest request) +26
   Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.CanReadSignInResponse(HttpRequest request, Boolean onPage) +145
   Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args) +108
   System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +80
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +270

    Any suggestions?

  • pierreshiny
    pierreshiny over 12 years
    Sorry, edited to note that I do have pages validateRequest = false.
  • kolin
    kolin over 12 years
    The AllowHtml attribute worked for me when this problem arose.
  • Jason Foglia
    Jason Foglia over 10 years
    Using Web Forms, What happen's if I didn't want to turn of request validation for the entire site? MVC has a nice way to allow this for an object property, what about Web Forms.
  • Rafay
    Rafay over 10 years
    @JasonFoglia this post may help resolve your problem stackoverflow.com/a/8017318/413670

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

What's the difference between ADFS, WIF, WS Federation, SAML, and STS?
Adding Claims-based authorization to MVC 3
Sample cypress script to bypass SSO
How to integrate Azure AD SSO in flutter app
Unable to find the requested .Net Framework Data Provider
What is the default sessionState in an asp.net mvc 3 application?
ASP MVC3 insert html tag inside actionlink
Ajax.BeginForm OnFailure invoked when ModelState is InValid
Why does Razor not like this?
Ajax post in MVC 3 with multiple-form View