CODEWITHSUNDEEP
.netweb-servicesvalidation
Germstorm
Germstorm

Reputation: 9839

Web service does not accept input

I am working on a simple .Net 4.0 webservice. I created one method, which accepts a string input. I run the project in Debug mode so a page opens in my browser where I can enter an input and invoke the method of the service. Unfortunately I am getting the following error:

System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (xmlData="<?xml version="1.0" ...").
   at System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection)
   at System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, RequestValidationSource requestCollection)
   at System.Web.HttpRequest.get_Form()
   at System.Web.Services.Protocols.HtmlFormParameterReader.Read(HttpRequest request)
   at System.Web.Services.Protocols.HttpServerProtocol.ReadParameters()
   at System.Web.Services.Protocols.WebServiceHandler.CoreProcessRequest()

I tried adding 

 <pages validateRequest="false" />

to the web.config. It does not work.

What can I do?

Upvotes: 3

Views: 4090

Answers (1)

Germstorm
Germstorm

Reputation: 9839

I found the solution:

In .Net 4 you have to add the following line under < system.web >:

 <httpRuntime requestValidationType="MyService.CustomRequestValidator" />

The CustomRequestValidator class is the validation you have to add yourself. Then simply override the bool IsValidRequestString() method and return true to eliminate validation:

/// <summary>
/// Validates the input based on some custom rules
/// </summary>
public class CustomRequestValidator : RequestValidator
{
    /// <summary>
    /// Validates a string that contains HTTP request data.
    /// </summary>
    /// <param name="context">The context of the current request.</param>
    /// <param name="value">The HTTP request data to validate.</param>
    /// <param name="requestValidationSource">An enumeration that represents the source of request data that is being validated. The following are possible values for the enumeration:QueryStringForm CookiesFilesRawUrlPathPathInfoHeaders</param>
    /// <param name="collectionKey">The key in the request collection of the item to validate. This parameter is optional. This parameter is used if the data to validate is obtained from a collection. If the data to validate is not from a collection, <paramref name="collectionKey"/> can be null.</param>
    /// <param name="validationFailureIndex">When this method returns, indicates the zero-based starting point of the problematic or invalid text in the request collection. This parameter is passed uninitialized.</param>
    /// <returns>
    /// true if the string to be validated is valid; otherwise, false.
    /// </returns>
    protected override bool IsValidRequestString(HttpContext context, string value, RequestValidationSource requestValidationSource, string collectionKey, out int validationFailureIndex)
    {
        // Set a default value for the out parameter.
        validationFailureIndex = -1;

        return true;

        //    // All other HTTP input checks are left to the base ASP.NET implementation.
        //    return base.IsValidRequestString(
        //                                        context,
        //                                        value,
        //                                        requestValidationSource,
        //                                        collectionKey,
        //                                        out validationFailureIndex);            
    }
}

}

Upvotes: 7

Related Questions