stackoom
  简体   繁体   中英

Handle “A potentially dangerous Request.Form value was detected from the client ” in Application_Error under Global.asax.cs

 原文  2015-07-28 08:06:01       c#/ asp.net-mvc/ asp.net-mvc-4

Question

I have done this many times , But this time I don't know why I am unable to handle this error.

I am somewhat sure it's related to web.config but not sure. Can anyone help me to fix this one. 

<?xml version="1.0" encoding="utf-8"?>    
<configuration>
  <configSections>        
    <section name="dataConfiguration" type="Microsoft.Practices.EnterpriseLibrary.Data.Configuration.DatabaseSettings, Microsoft.Practices.EnterpriseLibrary.Data, Version=3.1.0.0, Culture=neutral" />
    <section name="enterpriseLibrary.ConfigurationSource" type="Microsoft.Practices.EnterpriseLibrary.Common.Configuration.ConfigurationSourceSection, Microsoft.Practices.EnterpriseLibrary.Common,Version=3.1.0.0, Culture=neutral" />
    <section name="entityFramework" type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework, Version=5.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />
    <sectionGroup name="applicationSettings" type="System.Configuration.ApplicationSettingsGroup, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
      <section name="Store.Properties.Settings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />
    </sectionGroup>
    <section name="log4net" type="log4net.Config.Log4NetConfigurationSectionHandler, log4net" />
    <sectionGroup name="dotNetOpenAuth" type="DotNetOpenAuth.Configuration.DotNetOpenAuthSection, DotNetOpenAuth.Core">
      <section name="messaging" type="DotNetOpenAuth.Configuration.MessagingElement, DotNetOpenAuth.Core" requirePermission="false" allowLocation="true" />
      <section name="reporting" type="DotNetOpenAuth.Configuration.ReportingElement, DotNetOpenAuth.Core" requirePermission="false" allowLocation="true" />
      <section name="openid" type="DotNetOpenAuth.Configuration.OpenIdElement, DotNetOpenAuth.OpenId" requirePermission="false" allowLocation="true" />
      <section name="oauth" type="DotNetOpenAuth.Configuration.OAuthElement, DotNetOpenAuth.OAuth" requirePermission="false" allowLocation="true" />
    </sectionGroup>
    <sectionGroup name="elmah">
      <section name="security" requirePermission="false" type="Elmah.SecuritySectionHandler, Elmah" />
      <section name="errorLog" requirePermission="false" type="Elmah.ErrorLogSectionHandler, Elmah" />
      <section name="errorMail" requirePermission="false" type="Elmah.ErrorMailSectionHandler, Elmah" />
      <section name="errorFilter" requirePermission="false" type="Elmah.ErrorFilterSectionHandler, Elmah" />
    </sectionGroup>
  </configSections>
  <enterpriseLibrary.ConfigurationSource selectedSource="System Configuration mobile Source">
    <sources>
      <add name="System Configuration mobile Source" type="Microsoft.Practices.EnterpriseLibrary.Common.Configuration.SystemConfigurationSource, Microsoft.Practices.EnterpriseLibrary.Common, Version=3.1.0.0, Culture=neutral" />
    </sources>
  </enterpriseLibrary.ConfigurationSource>
  <dataConfiguration defaultDatabase="DefaultConnection" />
  <log4net>
    <appender name="FileAppender" type="log4net.Appender.FileAppender">
      <file value="PayPalAPISampleLog.log" />
      <appendToFile value="true" />
      <layout type="log4net.Layout.PatternLayout">
        <conversionPattern value="%date [%thread] %-5level %logger [%property{NDC}] %message%newline" />
      </layout>
    </appender>
    <root>
      <level value="DEBUG" />
      <appender-ref ref="FileAppender" />
    </root>
  </log4net>
  <connectionStrings>
    <add name="DefaultConnection" connectionString="XXXXX" providerName="System.Data.SqlClient" />        
  </connectionStrings>
  <appSettings>
    <add key="webpages:Version" value="2.0.0.0" />
    <add key="webpages:Enabled" value="false" />
    <add key="PreserveLoginUrl" value="true" />
    <add key="ClientValidationEnabled" value="true" />
    <add key="UnobtrusiveJavaScriptEnabled" value="true" />        
    <add key="vs:EnableBrowserLink" value="false" />
    <add key="elmah.mvc.disableHandler" value="false" />
    <add key="elmah.mvc.disableHandleErrorFilter" value="false" />
    <add key="elmah.mvc.requiresAuthentication" value="false" />
    <add key="elmah.mvc.IgnoreDefaultRoute" value="false" />
    <add key="elmah.mvc.allowedRoles" value="*" />
    <add key="elmah.mvc.allowedUsers" value="*" />
    <add key="elmah.mvc.route" value="elmah" />
    <add key="elmah.mvc.UserAuthCaseSensitive" value="true" />
    <add key="PrintProductId" value="9" />
  </appSettings>      
  <system.web>
    <machineKey validationKey="DCA0DBFEBF5F09C44F55669FD9B05CB6292409F1100215899056BD685954905929B23907FAA7C0DA5DAF9157B61A7F64A1AC55DAD83FF84F613B84C4A2A5C186" decryptionKey="298221626C79E4C2E4D7023478BF501CB9DF368678F24BC01A6289FB0C6D2E84" validation="SHA1" decryption="AES" />
    <roleManager enabled="true" />
    <sessionState mode="InProc" timeout="2400" />
    <compilation debug="true" targetFramework="4.5" />
    <httpRuntime executionTimeout="3600" maxRequestLength="1024000" />
    <authentication mode="Forms">
      <forms loginUrl="~/Account/Login" timeout="2880" />
    </authentication>
    <pages controlRenderingCompatibilityVersion="4.0">
      <namespaces>
        <add namespace="System.Web.Helpers" />
        <add namespace="System.Web.Mvc" />
        <add namespace="System.Web.Mvc.Ajax" />
        <add namespace="System.Web.Mvc.Html" />
        <add namespace="System.Web.Optimization" />
        <add namespace="System.Web.Routing" />
        <add namespace="System.Web.WebPages" />
        <!-- Authorize.Net -->
        <add namespace="AuthorizeNet.Helpers" />
      </namespaces>
    </pages>
    <customErrors mode="Off" />
    <httpModules>
      <add name="ErrorLog" type="Elmah.ErrorLogModule, Elmah" />
      <add name="ErrorMail" type="Elmah.ErrorMailModule, Elmah" />
      <add name="ErrorFilter" type="Elmah.ErrorFilterModule, Elmah" />
    </httpModules>
  </system.web>
  <system.webServer>
    <security>
      <requestFiltering>
        <requestLimits maxAllowedContentLength="209715200" />            
      </requestFiltering>
    </security>
    <staticContent>
      <remove fileExtension=".woff" />
      <remove fileExtension=".woff2" />
      <mimeMap fileExtension=".woff" mimeType="application/x-font-woff" />
      <mimeMap fileExtension=".woff2" mimeType="application/x-font-woff2" />
    </staticContent>
    <validation validateIntegratedModeConfiguration="false" />
    <handlers>
      <remove name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" />
      <remove name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" />
      <remove name="ExtensionlessUrlHandler-Integrated-4.0" />
      <add name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness32" responseBufferLimit="0" />
      <add name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness64" responseBufferLimit="0" />
      <add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
    </handlers>
    <modules runAllManagedModulesForAllRequests="true">
      <add name="ErrorLog" type="Elmah.ErrorLogModule, Elmah" preCondition="managedHandler" />
      <add name="ErrorMail" type="Elmah.ErrorMailModule, Elmah" preCondition="managedHandler" />
      <add name="ErrorFilter" type="Elmah.ErrorFilterModule, Elmah" preCondition="managedHandler" />
    </modules>
    <urlCompression doStaticCompression="false" doDynamicCompression="false" />
  </system.webServer>
  <runtime>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Helpers" publicKeyToken="31bf3856ad364e35" culture="neutral" />
        <bindingRedirect oldVersion="1.0.0.0-2.0.0.0" newVersion="2.0.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" culture="neutral" />
        <bindingRedirect oldVersion="0.0.0.0-4.0.0.0" newVersion="4.0.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.WebPages" publicKeyToken="31bf3856ad364e35" culture="neutral" />
        <bindingRedirect oldVersion="1.0.0.0-2.0.0.0" newVersion="2.0.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="DotNetOpenAuth.AspNet" publicKeyToken="2780ccd10d57b246" culture="neutral" />
        <bindingRedirect oldVersion="0.0.0.0-4.3.0.0" newVersion="4.3.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="DotNetOpenAuth.Core" publicKeyToken="2780ccd10d57b246" culture="neutral" />
        <bindingRedirect oldVersion="0.0.0.0-4.3.0.0" newVersion="4.3.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="WebGrease" publicKeyToken="31bf3856ad364e35" culture="neutral" />
        <bindingRedirect oldVersion="0.0.0.0-1.3.0.0" newVersion="1.3.0.0" />
      </dependentAssembly>
    </assemblyBinding>

  </runtime>
  <entityFramework>
    <defaultConnectionFactory type="System.Data.Entity.Infrastructure.SqlConnectionFactory, EntityFramework" />
  </entityFramework>
  <applicationSettings>
    <Store.Properties.Settings>
      <setting name="Store_RateServiceWebReference_RateService" serializeAs="String">
        <value>https://wsbeta.fedex.com:443/web-services/rate</value>
      </setting>
    </Store.Properties.Settings>
  </applicationSettings>
  <system.net>
    <mailSettings>
      <smtp from="demotestkaushik1987@gmail.com">
        <network enableSsl="true" defaultCredentials="false" host="smtp.gmail.com" password="XXXXX" port="587" userName="demotestkaushik1987@gmail.com" />
      </smtp>
    </mailSettings>
    <defaultProxy enabled="true" />
    <settings>          
    </settings>
  </system.net>
  <dotNetOpenAuth>
    <messaging>
      <untrustedWebRequest>
        <whitelistHosts>              
        </whitelistHosts>
      </untrustedWebRequest>
    </messaging>        
    <reporting enabled="true" />        
    <openid>
      <relyingParty>
        <security requireSsl="false">              
        </security>
        <behaviors>              
          <add type="DotNetOpenAuth.OpenId.RelyingParty.Behaviors.AXFetchAsSregTransform, DotNetOpenAuth.OpenId.RelyingParty" />
        </behaviors>
      </relyingParty>
    </openid>
  </dotNetOpenAuth>
  <uri>        
    <idn enabled="All" />
    <iriParsing enabled="true" />
  </uri>
  <system.serviceModel>
    <bindings>
      <basicHttpBinding>
        <binding name="LBSoap" />
      </basicHttpBinding>
    </bindings>
    <client>
      <endpoint address="XXXX" binding="basicHttpBinding" bindingConfiguration="LBSoap" contract="VividDSMO.LBSoap" name="LBSoap" />
    </client>
  </system.serviceModel>
  <elmah>
    <errorLog type="Elmah.XmlFileErrorLog, Elmah" logPath="~/App_Data" />
    <errorMail from="demotestkaushik1987@gmail.com" to="kaushik.thanki@XXXXX"  async="true" smtpServer="smtp.gmail.com" password="XXXX" port="587" userName="demotestkaushik1987@gmail.com" useSsl="true" />
    <security allowRemoteAccess="yes" />
  </elmah>
</configuration>

I have created sample project and i am able to handle this error under Application_Error event of global.asax.cs . My Application is Asp.net MVC .

1 answers

solution1
 1 ACCPTED  2015-07-28 13:05:11

Finally after wasting couple of hours i found the issue.. I don't know the reason but removing 

<errorMail from="demotestkaushik1987@gmail.com" to="kaushik.thanki@XXXXX"  async="true" smtpServer="smtp.gmail.com" password="XXXX" port="587" userName="demotestkaushik1987@gmail.com" useSsl="true" />

This line of code from web.config now my code hit's application_error event under Global.asax.cs whenever i have A

potentially dangerous Request.Form value was detected from the client

error. I am posting this answer in hope this may help other or someone proved the reason of this behavior

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question A potentially dangerous Request.Form value was detected from the client A potentially dangerous Request.Form value was detected from the client A potentially dangerous Request.Form value was detected from the client ASPMVC - A potentially dangerous Request.Form value was detected from the client A potentially dangerous Request.Form value was detected from the client A potentially dangerous Request.Form value was detected from the client A potentially dangerous Request.Form value was detected from the client Exception A potentially dangerous Request.Form value was detected from the client A potentially dangerous Request.Form value was detected from the client XXX Handling 'A potentially dangerous Request.Form value was detected from the client' and informing user of this error
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM