如何为 HttpHandlers 禁用请求验证? [英] How can Request Validation be disabled for HttpHandlers?

问题描述

是否可以禁用 HttpHandler 的请求验证?

Is it possible to disable request validation for HttpHandlers?

一些背景知识 - 我有一个使用 HttpHandler 的 ASP.NET Web 应用程序来接收来自 WorldPay 的付款响应.IIS 日志显示 WorldPay 正确调用了处理程序，但从未调用处理程序中的代码.

A bit of background - I've got an ASP.NET web application using an HttpHandler to receive the payment response from WorldPay. The IIS logs show that the handler is being called correctly from WorldPay, but the code inside the handler is never called.

如果我创建一个物理 ASPX 页面并在标题中设置 ValidateRequest=false，并将相同的代码放在 Page_Load 方法中，则调用该代码没有任何问题.

If I create a physical ASPX page and set ValidateRequest=false in the header, and put the same code in the Page_Load method, the code is called without any problems.

这解决了问题，尽管我更愿意为此使用 HttpHandler，因为它更适合此类功能，而不是使用空的 ASPX 页面，尽管这取决于是否能够禁用请求验证.

This solves the problem, though I'd prefer to stick with using an HttpHandler for this as it's better suited for this type of functionality, rather than having an empty ASPX page, though this is dependent on being able to disable request validation.

Web 应用程序使用 ASP.NET 2.0，服务器为 IIS6.

The web application is using ASP.NET 2.0 and the server is IIS6.

推荐答案

在 IIS6 上，您只需在 web.config 注册中添加 validate="false".

On IIS6 you can simply add validate="false" in the web.config registration.

<add path="handler.axd" type="Foo.Bar.MyHandler" verb="*" validate="false" />

如果有人能说明如何在 IIS7 的集成模式下实现这一点，那也将非常有帮助.

If anyone could shed some light on how to accomplish this in IIS7's integrated mode, it would be extremely helpful too.

这篇关于如何为 HttpHandlers 禁用请求验证?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！