Cannot disable ASP.NET request validation for URL "/x:)"

Question

Cannot disable ASP.NET request validation for URL "/x:)"

When I access the URL /x:) of my ASP.NET MVC 5 app I get this error:

A potentially dangerous Request.Path value was detected from the client (:). 

[HttpException (0x80004005): A potentially dangerous Request.Path value was detected from the client (:).]
   System.Web.HttpRequest.ValidateInputIfRequiredByConfig() +9939892
   System.Web.PipelineStepManager.ValidateHelper(HttpContext context) +53

This is the full stack trace.

I want to disable request validation entirely. I don't need it and I need to process even strange URLs like this one.

I have applied all of these settings but they did not work:

<httpRuntime targetFramework="4.7.2" requestValidationMode="2.0" />
<pages validateRequest="false" />
[ValidateInput(false)]

How can I avoid request validation entirely?

asp.net

.net

request-validation

asked on Stack Overflow Oct 23, 2018 by

boot4life

1 Answer

To allow special characters in your URL path you should modify the requestPathInvalidCharacters parameter in web.config like this:

<system.web>
    <httpRuntime requestPathInvalidCharacters="&lt;,&gt;,%,&amp;,:,\,?" />
</system.web>

Note, I've just removed the asterisk (*), the original default string is:

<httpRuntime requestPathInvalidCharacters="&lt;,&gt;,*,%,&amp;,:,\,?" />

answered on Stack Overflow Oct 23, 2018 by

Muhammad Usman

User contributions licensed under CC BY-SA 3.0