none
A potentially dangerous Request.Path value was detected from the client (&).

    Question


  • This happened when it detect the & and the / and %26.

    I have read the ASP.NET 4 Beta 2 Breaking Changes  and revert to the behavior of the ASP.NET 2.0 but still having the problem.

    <system.web>
            <httpRuntime requestValidationMode="2.0" />
            <pages validateRequest="false" />
     </system.web>


    Here is my code. This code is for Web Routing using ASP.NET 4.0 Beta 2.

    Global.asax

    void Application_Start(object sender, EventArgs e)
        {
            RegisterRoutes(RouteTable.Routes);
        }

        void RegisterRoutes(RouteCollection routes)
        {
          
            // The {*CategoryName} instructs to route to match all content after the first slash
          
            routes.MapPageRoute(
                "CategoryAndSearch",                // Route name
                "Find/{*CategoryName}",   // Route URL
                "~/List/default.aspx" // Web page to handle route
            );
               
              
        }
    Test URL http://localhost:1754/webProjectName/Find/afdaf&test
          

    I don't think this is the validation problem.  This is other problem. I removed all of my code from the Global.asax but the ASP.NET 4.0 Beta 2 still could not handle it.

    Test URL http://localhost:1754/webProjectName/RANDOMSTUFF/RandDom&Other



           
    Friday, February 05, 2010 3:14 PM

Answers

All replies

  • Please use ASP.NET 4.0 Beta2 forum for your question: http://forums.asp.net/1212.aspx

    -Karel
    Friday, February 05, 2010 5:40 PM
  • I've found a solutio. simply switch the validation to 2.0

     

          <httpRuntime requestValidationMode="2.0" executionTimeout="20" requestPathInvalidCharacters="" />
        <pages validateRequest="false"/>

    Wednesday, July 07, 2010 10:14 PM
  • Hi,

    Most times the invalid character is the "&" symbol because of this WebForm_PostBackOptions(&quot;..) and usually because of search engine scrapping techniques...

    The default value for is requestPathInvalidCharacters="<,>,*,%,&,:,\\" so remove the "&" symbol 

    So I would recommend this setting rather than the one above which in theory is to help stop the hackers:
    <httpRuntime requestValidationMode="2.0" executionTimeout="20" requestPathInvalidChars="&lt;,&gt;,*,%,:,\,?"  /> 

    and this very annoying error message in your logs will disappear...
    "A potentially dangerous Request.Path value was detected from the client (&)."

    -Andy

    • Proposed as answer by acqku Saturday, July 28, 2012 9:07 AM
    • Unproposed as answer by acqku Saturday, July 28, 2012 9:08 AM
    • Proposed as answer by acqku Saturday, July 28, 2012 9:08 AM
    Wednesday, January 26, 2011 1:26 PM
  • I was getting the same error above only mine was caused by a mal-formed url. The query string was built programmatically and I forgot to make the first query string argument prefixed with a '?'.

    eg. www.test.com&asdas=asd

     


    LG
    Wednesday, May 25, 2011 1:19 PM
  • thanks a ton.. solved my problem

    Saturday, July 28, 2012 9:08 AM