Thursday 30 April 2015

A potentially dangerous Request value was detected from the client

Recently, in our application, I faced an issue while working with a special kind of URL (the URL referred to a PDF file and the PDF file name had & in it). I got a message saying "A potentially dangerous Request value was detected from the client".

After spending 2 hours troubleshooting this issue, I came to the solution below.


Solution:

In the web.config file there is a section called httpRuntime. It has a property called requestPathInvalidCharacters; if it is not defined in your configuration, .NET uses this value by default:

    requestPathInvalidCharacters = "<,>,*,&,%,:,\"

These are the characters the .NET Framework rejects in a URL by default, because in a URL they are security threats. If you want to allow any of them in your URLs, you have to define requestPathInvalidCharacters explicitly in the httpRuntime section, listing the defaults without that character.

For my case, it worked when I removed "&" from the above list.

My setting looks like this,

    <httpRuntime requestPathInvalidCharacters="&lt;,&gt;,*,%,:,\" .. />
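
A way to check which characters a given web.config has stopped blocking, as an added example that is not part of the original post. The baseline is the default list as stated in this post, the function name and sample configs are constructed for illustration, and the elided attributes (`..`) are left out of the sample so it parses as XML.

```python
import xml.etree.ElementTree as ET

# Baseline: the default list as given in this post (logical characters,
# not XML-escaped). Assumption: adjust it if your framework version differs.
PAGE_DEFAULT = ["<", ">", "*", "&", "%", ":", "\\"]


def audit_request_path_chars(web_config_xml, baseline=PAGE_DEFAULT):
    """Return one finding per <httpRuntime> that overrides the attribute.

    Each finding lists the baseline characters the override no longer blocks.
    An <httpRuntime> without the attribute keeps the defaults and is skipped.
    """
    findings = []
    root = ET.fromstring(web_config_xml)
    for node in root.iter():
        # Compare the local name so configs with an xmlns are handled too.
        if node.tag.rsplit("}", 1)[-1] != "httpRuntime":
            continue
        raw = node.get("requestPathInvalidCharacters")
        if raw is None:
            continue
        # The XML parser has already turned &lt; &gt; &amp; back into < > &.
        blocked = [c for c in raw.split(",") if c != ""]
        now_allowed = [c for c in baseline if c not in blocked]
        findings.append({"blocked": blocked, "now_allowed": now_allowed})
    return findings


# Constructed sample: the setting from this post, without the elided attributes.
SAMPLE = r'''<configuration>
  <system.web>
    <httpRuntime requestPathInvalidCharacters="&lt;,&gt;,*,%,:,\" />
  </system.web>
</configuration>'''

# Constructed sample: no override, so the defaults stay in force.
SAMPLE_DEFAULT = (
    "<configuration><system.web><httpRuntime /></system.web></configuration>"
)

if __name__ == "__main__":
    for finding in audit_request_path_chars(SAMPLE):
        print("no longer blocked in the URL:", finding["now_allowed"])
```

An empty attribute value leaves nothing blocked, so every baseline character is reported for it.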


And now it is working like a charm.. no more potentially dangerous requests... :)

Happy coding
