validateRequest ="假"不工作,甚至requestValidationMode =" 2.0" [英] validateRequest="false" not working, even with requestValidationMode="2.0"
问题描述
我有一个ASP.NET网站在Visual Studio开发织物(Azure项目)运行,并且正在使用ACS和WIF。我的身份验证过程不工作,因为我登录之后,我得到这样的:
I have an ASP.NET Web Site running in Visual Studio dev-fabric (azure project) and am using ACS and WIF. My authentication process isn't working because after I login I get this:
A potentially dangerous Request.Form value was detected from the client (wresult="<t:RequestSecurityTo...").
该文件指出,我需要添加
The documentation states that I need to add
<pages validateRequest="false" />
和
<httpRuntime requestValidationMode="2.0" />
和我一样 - 但我仍然得到错误。我还添加了validateRequest =false的页面等级。不过滩 - 仍然得到同样的错误
And I did - but I'm still getting the error. I've also added validateRequest="false" at the page level. But nada - still getting the same error.
这些措施似乎已经固定的其他海报的问题 - 它是与在DEV-面料也许
These steps seem to have fixed the issue for other posters - is it something to do with running in dev-fabric perhaps?
推荐答案
我没有意识到,但我意外地被WIF创建一个位置标签中添加的这些设置:
I hadn't realised, but I'd accidentally added these settings within a location tag created by WIF:
<location path="FederationMetadata">
<system.web>
<authorization>
<allow users="*" />
</authorization>
<!-- wrong! -->
</system.web>
</location>
<system.web>
<!-- right! -->
<httpRuntime requestValidationMode="2.0" />
<pages validateRequest="false" />
这篇关于validateRequest =&QUOT;假&QUOT;不工作,甚至requestValidationMode =&QUOT; 2.0&QUOT;的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!