Loading ...

Request Validation in ASP.NET 4.0

Who is online?  0 guests and 1 members
home  »  blogs  »  Samir NIGAM  »  Request Validation in ASP.NET 4.0

Request Validation in ASP.NET 4.0

(0)
(2336)
0
/5
Avg: 0/5: (0 votes)

posted 6/8/2010  by Samir NIGAM

As we know that request validation was enabled by default in previous versions of ASP.NET. But it was only applicable for ASPX.NET pages i.e. only for aspx files and their class files. Basically request validation provides a certain level of protection against cross-site scripting (XSS) attacks.  

In ASP.NET 4.0, request validation is enabled for all requests as it is enabled before the BeginRequest phase of an HTTP request. Thus, request validation is applicable for all ASP.NET resources requests, not just .aspx page requests but also for Web service calls, custom HTTP handlers and content reading of HTTP request by custom HTTP modules.

Due to this new feature in ASP.NET 4.0, some new request validation errors might now occur for requests that previously did not trigger errors.  There errors help to find out whether existing handlers, modules, or other custom code accesses potentially unsafe HTTP inputs that could be XSS attack vectors.

You can revert back the ASP.NET 2.0 behavior of request validation feature, by adding the following in the Web.config file:

<httpRuntime requestValidationMode="2.0" />

 

This is also notable feature of ASP.NET 4.0.

Product Spotlight

ASP.NET Hosting Spotlight
 

Comments (no comments yet)

Add a new comment

Confirm

Latest community blog posts

  • ASP.NET: Form authentication timeout in web.config overriding the manual ticket timeout
    7 days ago by Raghav Khunger
    While working with one of the sample application I noticed that form authentication timeout in web.config was overriding the manual ticket's (which we created via code) timeout. Below is the code which was written in the application: var ticket = new FormsAuthenticationTicket(1, "UserName", DateTime...
  • jQuery: Set cursor position in textbox
    4/13/2012 by Raghav Khunger
    In this blog I will show how to select a range of characters in textbox with jquery. In my demo I have used one textbox and one button. On click of button arange of characters in textbox will be selected. Below is the sample code: <html xmlns="http://www.w3.org/1999/xhtml"> <head runat="ser...
  • Could not load file or assembly 'Newtonsoft.Json, Version=3.5.0.0...
    9 days ago by Raghav Khunger
    Recently we moved from Newtonsoft.Json 3.5 to 4.0 version. We noticed that we were getting Could not load file or assembly 'Newtonsoft.Json, Version=3.5.0.0.. while working with Twitter authentication which we were using in our application. The third party dll which we were using for Twitter authent...
  • jQuery Mobile Login Dialog Box
    11/17/2010 by Tim Eisenhauer
    PRODUCT SPOTLIGHT This is an addition to my series of blog posts on jQuery Mobile: jQuery Mobile Introduction & Tips To Get Started jQuery Mobile Getting Started So, if you've been following my posts so far, you should have a good overview of jQuery Mobile, it's documentation, how to set up your...
  • message icon with count disply.
    3/28/2012 by SONAL KHAIRE
    add message icon with count displayed on it as new messages come into my gridview. i want to do this in asp.net for web application.

Samir NIGAM's latest blog posts

Product Spotlight

ASP.NET Hosting Spotlight

 

Quick Vote

What kind of email newsletter would you prefer to receive from CodeAsp.Net?