问题
I have an ASP.NET Web Site running in Visual Studio dev-fabric (azure project) and am using ACS and WIF. My authentication process isn't working because after I login I get this:
A potentially dangerous Request.Form value was detected from the client (wresult="<t:RequestSecurityTo...").
The documentation states that I need to add
<pages validateRequest="false" />
and
<httpRuntime requestValidationMode="2.0" />
And I did - but I'm still getting the error. I've also added validateRequest="false" at the page level. But nada - still getting the same error.
These steps seem to have fixed the issue for other posters - is it something to do with running in dev-fabric perhaps?
回答1:
I hadn't realised, but I'd accidentally added these settings within a location tag created by WIF:
<location path="FederationMetadata">
<system.web>
<authorization>
<allow users="*" />
</authorization>
<!-- wrong! -->
</system.web>
</location>
<system.web>
<!-- right! -->
<httpRuntime requestValidationMode="2.0" />
<pages validateRequest="false" />
来源:https://stackoverflow.com/questions/7773942/validaterequest-false-not-working-even-with-requestvalidationmode-2-0