I am using Login Control of ASP.NET in my web application. I want to show a funny type of error on a label when this exception occures System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client
it occurs when a user try to do sql injection attack or some HTML or SCRIPT operations by entering them in Username text field of Login control. I tried many things such as enclosing the authentication login in try catch block and catching the
System.Web.HttpRequestValidationException
exception also doing same for an event created by me as same as onTextChange for Username TextBox. But all these tries failed. Please tell me how to check for this exception and display a nice funny message to the attacker?
Here are a few examples of how to provide a friendlier error msg:
http://romsteady.blogspot.com/2007/06/how-to-catch-httprequestvalidationexcep.html
How to catch HttpRequestValidationException in production
The thing you need to keep in mind is that this exception is thrown before you page code happens. So you normally cannot catch the error in your page code, but only in Application_Error.
I have not tried this myself, but this site gives a alternative way to allow your page code to execute, but still protect yourself from malicious input using the built in logic, as well as catching the exception within your own code.