validateRequest="false" not working, even with requestValidationMode="2.0"

Question

I have an ASP.NET Web Site running in Visual Studio dev-fabric (azure project) and am using ACS and WIF. My authentication process isn't working because after I login I get this:

A potentially dangerous Request.Form value was detected from the client (wresult="<t:RequestSecurityTo...").

The documentation states that I need to add

<pages validateRequest="false" />

and

<httpRuntime requestValidationMode="2.0" />

And I did - but I'm still getting the error. I've also added validateRequest="false" at the page level. But nada - still getting the same error.

These steps seem to have fixed the issue for other posters - is it something to do with running in dev-fabric perhaps?

why don't you use a requestsValidationType instead? http://nuget.org/List/Packages/SyntaxC4.WindowsAzure.ACSManagement.Mvc — cory-fowler, Oct 27 '11 at 04:26

score 6 · Accepted Answer · answered Oct 14 '11 at 22:45

6

I hadn't realised, but I'd accidentally added these settings within a location tag created by WIF:

  <location path="FederationMetadata">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
      <!-- wrong! -->
    </system.web>
  </location>
  <system.web>
      <!-- right! -->
    <httpRuntime requestValidationMode="2.0" />
    <pages validateRequest="false" />

answered Oct 14 '11 at 22:45

ConfusedNoob

9,826
14
64
85

If i had a nickle for everytime i had this happen... Anyway here is a useful link: http://social.technet.microsoft.com/wiki/contents/articles/windows-identity-foundation-wif-a-potentially-dangerous-request-form-value-was-detected-from-the-client-wresult-quot-lt-t-requestsecurityto-quot.aspx, also you can accept your own answer. – Gary.S Oct 15 '11 at 02:49

validateRequest="false" not working, even with requestValidationMode="2.0"

1 Answers1

Linked