All geek questions in one place

Web service does not accept input

I am working on a simple .Net 4.0 web service. I created one method that accepts string input. I run the project in debug mode, so a page opens in my browser where I can enter input and call the service method. Unfortunately, I get the following error:

System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (xmlData="<?xml version="1.0" ...").
   at System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection)
   at System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, RequestValidationSource requestCollection)
   at System.Web.HttpRequest.get_Form()
   at System.Web.Services.Protocols.HtmlFormParameterReader.Read(HttpRequest request)
   at System.Web.Services.Protocols.HttpServerProtocol.ReadParameters()
   at System.Web.Services.Protocols.WebServiceHandler.CoreProcessRequest()

I tried adding

 <pages validateRequest="false" />

in web.config. This does not work.

What can I do?

+3
source share
1 answer

I found a solution:

In .Net 4, you need to add the following line under <system.web>:

 <httpRuntime requestValidationType="MyService.CustomRequestValidator" />

The CustomRequestValidator class is a test that you must add yourself. Then just override the bool IsValidRequestString () method and return true to exclude the check:

/// <summary>
/// Validates the input based on some custom rules
/// </summary>
public class CustomRequestValidator : RequestValidator
{
    /// <summary>
    /// Validates a string that contains HTTP request data.
    /// </summary>
    /// <param name="context">The context of the current request.</param>
    /// <param name="value">The HTTP request data to validate.</param>
    /// <param name="requestValidationSource">An enumeration that represents the source of request data that is being validated. The following are possible values for the enumeration:QueryStringForm CookiesFilesRawUrlPathPathInfoHeaders</param>
    /// <param name="collectionKey">The key in the request collection of the item to validate. This parameter is optional. This parameter is used if the data to validate is obtained from a collection. If the data to validate is not from a collection, <paramref name="collectionKey"/> can be null.</param>
    /// <param name="validationFailureIndex">When this method returns, indicates the zero-based starting point of the problematic or invalid text in the request collection. This parameter is passed uninitialized.</param>
    /// <returns>
    /// true if the string to be validated is valid; otherwise, false.
    /// </returns>
    protected override bool IsValidRequestString(HttpContext context, string value, RequestValidationSource requestValidationSource, string collectionKey, out int validationFailureIndex)
    {
        // Set a default value for the out parameter.
        validationFailureIndex = -1;

        return true;

        //    // All other HTTP input checks are left to the base ASP.NET implementation.
        //    return base.IsValidRequestString(
        //                                        context,
        //                                        value,
        //                                        requestValidationSource,
        //                                        collectionKey,
        //                                        out validationFailureIndex);            
    }
}

}

+7

Source: https://habr.com/ru/post/1750691/

More articles:


All Articles