3

I would like to be able to do some checks on an incoming request before the HttpException "A potentially dangerous Request.Path value was detected from the client" is thrown. Is there anywhere in the ASP.NET lifecycle I can do this?

This is on an older ASP.NET web forms application with IIS 8.5.

  • I know why the exception occurs, and I'm not trying to prevent it with ValidateRequest="false" or with a web.config setting
  • I'm not trying to catch it, which I know I can do in global.asax Application_Error

I thought HttpModules were run before the processing of the request, but adding a breakpoint to the Init() method of my module doesn't get hit when I try to request a URL like "http://example.com/>", so the error is thrown even earlier than that.

If useful, here is the full error:

System.Web.HttpException (0x80004005): A potentially dangerous Request.Path value was detected from the client (>).
 at System.Web.HttpRequest.ValidateInputIfRequiredByConfig()
 at System.Web.HttpApplication.PipelineStepManager.ValidateHelper(HttpContext context)
Rick
  • 1,863
  • 2
  • 19
  • 46

1 Answers1

0

Try this event in Global.asax. I added the method along with the comment to my Global.asax page a long time ago but never actually used it. I just did a quick run, adding <script> into a textbox control and clicking a button, and this event was hit before the page bombed.

// This event is executed for every page request
// and is run before the PreInit event. Therefore we
// can use it to set the theme and master for every page.
protected void Application_PreRequestHandlerExecute(object sender, EventArgs e)
{
}
wazz
  • 4,953
  • 5
  • 20
  • 34
  • I added this, set a breakpoint, and it did not get hit using my example URL. Application_BeginRequest didn't work either. – Rick Aug 21 '19 at 20:48