A potentially dangerous Request.Form value was detected from the client (wresult="<trust:RequestSecuri...")
I am also getting a request validation error when using WIF. I get correctly sent to the STS, but on the way back, I get this validation error.
I followed all the instructions.
<httpRuntime requestValidationMode="2.0" />
check!
[ValidateInput(false)]
check!
<pages validateRequest="false" >
check!
I tried a custom validator, but it never gets instantiated.
Error stack:
[HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (wresult="trust:RequestSecuri...").]
System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection) +11396740
System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, RequestValidationSource requestCollection) +82
System.Web.HttpRequest.get_Form() +212
Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.IsSignInResponse(HttpRequest request) +26
Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.CanReadSignInResponse(HttpRequest request, Boolean onPage) +145
Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args) +108
System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +80
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +270
Any suggestions?
Answer
<httpRuntime requestValidationMode="2.0"/>
after this add
<configuration>
<system.web>
<pages validateRequest="false" />
</system.web>
</configuration>
also in mvc3 there is an AllowHtml attribute
[AllowHtml]
public string Property{ get; set; }
here are some useful links