Alternative to ValidateRequest="false"

asp.net http-post validate-request
Homer picture Homer · Oct 10, 2012 · Viewed 14.7k times · Source

Is there a way to prevent the error "A potentially dangerous Request.Form value was detected from the client" other than setting ValidateRequest="false"?

Update: I removed the "on the page" part. I'd like to not use ValidateRequest="false" at all, on the page or in web.config.

Answer

magnattic picture magnattic · Oct 10, 2012

Check out the new ASP.NET 4.5 request validation features.

If you set 

<httpRuntime requestValidationMode="4.5" ... />

in your web.config, values will only get validated when you access them. This is called deferred validation.

Also you can get unvalidated values via 

var s = context.Request.Unvalidated.Form["forum_post"];

Related questions

How to retrieve form values from HTTPPOST, dictionary or?

I have an MVC controller that has this Action Method: [HttpPost] public ActionResult SubmitAction() { // Get Post Params Here ... return something ... } The form is a non-trivial form with a simple textbox. Question How I access the parameter values? I am not …

Read More
How to Get the HTTP Post data in C#?

I am using Mailgun API. There is a section that I need to provide a URL to them, then they are going to HTTP Post some data to me. I provide this URL (http://test.com/MailGun/Webhook.aspx) to …

Read More
Getting a POST variable

I am using C# with ASP.NET. How do I check if a parameter has been received as a POST variable? I need to do different actions if the parameter has been sent via POST or via GET.

Read More