ValidateRequest = "false" does not work, even with requestValidationMode = "2.0"

I have an ASP.NET website running in dev-fabric in Visual Studio (Azure project) and I use ACS and WIF. My authentication process does not work, because after logging in I get the following:

A potentially dangerous Request.Form value was detected from the client (wresult="<t:RequestSecurityTo..."). 

The documentation says that I need to add

 <pages validateRequest="false" /> 

and

 <httpRuntime requestValidationMode="2.0" /> 

And I did - but I still get the error. I also added validateRequest="false" at the page level. But nada - still the same error.

These steps seemed to fix the problem for other posters - maybe this is due to running in dev-fabric?

+6
1 answer

I did not realize it, but I had accidentally added these settings to the location tag created by WIF:

    <location path="FederationMetadata">
      <system.web>
        <authorization>
          <allow users="*" />
        </authorization>
        <!-- wrong! -->
      </system.web>
    </location>
    <system.web>
      <!-- right! -->
      <httpRuntime requestValidationMode="2.0" />
      <pages validateRequest="false" />
    </system.web>
+6
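Settings placed inside `<location path="...">` apply only to that path, which is why the sign-in POST was still validated. The following is an added example, not code from the original post: a Python check that reports the scope in which the two request-validation settings are declared. The function names and both sample configs are constructed, and it assumes a single root `<system.web>` plus path-scoped `<location>` elements.

```python
import xml.etree.ElementTree as ET

# Constructed sample: settings misplaced inside the <location> block, as in the answer.
MISPLACED = """<configuration>
  <location path="FederationMetadata">
    <system.web>
      <authorization><allow users="*" /></authorization>
      <httpRuntime requestValidationMode="2.0" />
      <pages validateRequest="false" />
    </system.web>
  </location>
  <system.web><compilation debug="true" /></system.web>
</configuration>"""

# Constructed sample: settings in the root <system.web>, the placement marked right.
CORRECTED = """<configuration>
  <location path="FederationMetadata">
    <system.web><authorization><allow users="*" /></authorization></system.web>
  </location>
  <system.web>
    <httpRuntime requestValidationMode="2.0" />
    <pages validateRequest="false" />
  </system.web>
</configuration>"""

WATCHED = (("httpRuntime", "requestValidationMode"), ("pages", "validateRequest"))

def child(parent, tag):
    return next((c for c in parent if c.tag == tag), None)

def validation_settings(config_xml):
    """Map (scope, attribute) -> value; scope is 'site' or 'location:<path>'."""
    root = ET.fromstring(config_xml)
    scopes = [("site", child(root, "system.web"))]
    for loc in root.iter("location"):
        scopes.append(("location:" + loc.get("path", ""), child(loc, "system.web")))
    found = {}
    for scope, web in scopes:
        for element, attribute in WATCHED:
            node = child(web, element) if web is not None else None
            if node is not None and node.get(attribute) is not None:
                found[(scope, attribute)] = node.get(attribute)
    return found

def site_wide_validation_disabled(config_xml):
    """True only when both settings sit in the root <system.web>."""
    s = validation_settings(config_xml)
    return (s.get(("site", "requestValidationMode")) == "2.0"
            and (s.get(("site", "validateRequest")) or "").lower() == "false")
```

Because `validateRequest="false"` in the root `<system.web>` turns validation off for every page of the site, the same report is useful for reviewing how widely the setting applies.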

Source: https://habr.com/ru/post/899336/

