stackoom
  简体   繁体   中英

ValidateInput(false) doesn't seem to work when running under IIS

 原文  2009-10-13 22:10:28       asp.net/ asp.net-mvc/ iis

Question

When I run my ASPNet MVC 2 Preview 1 website under VS dev server , it works just fine when I do a form post with Form Method " Get " - the form has a textbox with text that has angle brackets (for ex: "i < 10;")

However under IIS, when the same form is posted (using Method " Get "), I get a 404 page not found. 

The resource cannot be found.

Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable.  Please review the following URL and make sure that it is spelled correctly. 

Requested URL: /Rejected-By-UrlScan

Searched all over the web, nothing that helped solve the issue.

Yes, I do have

  1. ValidateRequest="false" set on Views->Web.config, Main Web.Config
  2. ValidateInput(false) attribute set on the Controller class as well as all the Action methods

None of these 2 options are helping solve the problem.

Any help appreciated

2 answers

solution1
 1 ACCPTED  2009-11-17 09:24:37

There's a major clue to the problem right there in your 404 message.

Requested URL: /Rejected-By-UrlScan

UrlScan is a security package that's installed into your IIS server but not into the Visual Studio dev server, which explains why you're only hitting this problem on IIS. You mention having angled-brackets in your post data, so it could be the case that UrlScan is blocking the request because of that, but I'm not familar enough with UrlScan to be sure.

Fiddling with the attributes of your ASP.NET controls may not provide a solution, since UrlScan will be blocking this request before it even reaches ASP.NET.

I can't really offer much more than this (as I say, I'm not really all that familiar with UrlScan, beyond a vague idea of what it is), but if I were you I'd start by googling for UrlScan and finding out how to configure it - or if it has some sort of log that will help you identify exactly why it's blocking this particular request.

http://learn.iis.net/page.aspx/473/using-urlscan looks like a good place to start.

solution2
 0  2009-10-13 22:15:22

ValidateRequest changes in web.config have no effect in ASP.NET MVC. It's enabled by default and you need to use an attribute to enable/disable it.

See this reference:

http://stephenwalther.com/blog/archive/2009/02/20/tip-48-ndash-disable-request-validation.aspx

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question ValidateInput Attribute Doesn't Seem To Work in ASP.NET MVC web.config that worked under IIS 7.5 doesn't work under IIS 10 HttpModule doesn't seem to work cache busting using url-rewrite doesn't seem to work in iis Thread doesn't seem to be running in the background Export to word with a filename doesn't seem to work Mark of the web, comment doesn't seem to work If statement doesn't seem to work in a stringbuilder (WebMethod) JQuery Doesn't seem to work for server control jquery fade doesn't seem to work
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM