在IIS下运行时ValidateInput(false)似乎不起作用
[英]ValidateInput(false) doesn't seem to work when running under IIS
问题描述
When I run my ASPNet MVC 2 Preview 1 website under VS dev server , it works just fine when I do a form post with Form Method " Get " - the form has a textbox with text that has angle brackets (for ex: "i < 10;") 
当我在VS dev服务器下运行ASPNet MVC 2 Preview 1网站时,当我使用“ 获取 ”表单方法进行表单发布时,它的工作就很好了-表单的文本框带有带尖括号的文本(例如:“ i < 10;“)
However under IIS, when the same form is posted (using Method " Get "), I get a 404 page not found. 但是,在IIS下,发布相同的表单(使用方法“ Get ”)时,找不到404页面。
The resource cannot be found.
Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable. Please review the following URL and make sure that it is spelled correctly.
Requested URL: /Rejected-By-UrlScan
Searched all over the web, nothing that helped solve the issue. 在整个网络上进行搜索,没有找到有助于解决该问题的信息。
Yes, I do have 是的,我有
- ValidateRequest="false" set on Views->Web.config, Main Web.Config 在主Web.Config的Views-> Web.config上设置的ValidateRequest =“ false”
- ValidateInput(false) attribute set on the Controller class as well as all the Action methods 在Controller类以及所有Action方法上设置的ValidateInput(false)属性
None of these 2 options are helping solve the problem. 这两个选项均不能帮助解决问题。
Any help appreciated 任何帮助表示赞赏
2 个解决方案
解决方案1
1 已采纳 2009-11-17 09:24:37
There's a major clue to the problem right there in your 404 message. 您的404讯息中有一个主要的线索可以解决这个问题。
Requested URL: /Rejected-By-UrlScan
UrlScan is a security package that's installed into your IIS server but not into the Visual Studio dev server, which explains why you're only hitting this problem on IIS. UrlScan是一个安全软件包,已安装到IIS服务器中,但未安装到Visual Studio开发服务器中,这说明了为什么只在IIS上遇到此问题。 You mention having angled-brackets in your post data, so it could be the case that UrlScan is blocking the request because of that, but I'm not familar enough with UrlScan to be sure. 您提到您的帖子数据中有尖括号,因此UrlScan可能因此阻止了请求,但我对UrlScan并不十分了解。
Fiddling with the attributes of your ASP.NET controls may not provide a solution, since UrlScan will be blocking this request before it even reaches ASP.NET. 摆弄ASP.NET控件的属性可能无法提供解决方案,因为UrlScan甚至会在到达 ASP.NET之前阻止此请求。
I can't really offer much more than this (as I say, I'm not really all that familiar with UrlScan, beyond a vague idea of what it is), but if I were you I'd start by googling for UrlScan and finding out how to configure it - or if it has some sort of log that will help you identify exactly why it's blocking this particular request. 我不能提供更多的功能(正如我所说,我对UrlScan并不十分了解,只是不清楚它的含义),但是如果我是您,那么我将首先搜索UrlScan和了解如何配置它-或是否有某种日志可以帮助您准确确定为什么它阻止了此特定请求。
EDIT: 编辑: http://learn.iis.net/page.aspx/473/using-urlscan looks like a good place to start. http://learn.iis.net/page.aspx/473/using-urlscan看起来是一个不错的起点。
解决方案2
0 2009-10-13 22:15:22
ValidateRequest changes in web.config have no effect in ASP.NET MVC. web.config中ValidateRequest的更改在ASP.NET MVC中无效。 It's enabled by default and you need to use an attribute to enable/disable it. 默认情况下启用它,您需要使用属性来启用/禁用它。
See this reference: 请参阅此参考资料:
http://stephenwalther.com/blog/archive/2009/02/20/tip-48-ndash-disable-request-validation.aspx http://stephenwalther.com/blog/archive/2009/02/20/tip-48-ndash-disable-request-validation.aspx
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.