STS - 检测到潜在危险的Request.Form值 [英] STS - A potentially dangerous Request.Form value was detected
问题描述
我在STS的被动场景中遇到以下错误。我试图像这样使用HttpWebrequest来调用STS:
I am getting the following error in STS's passive scenario. I am trying to invoke the STS using HttpWebrequest like this:
HttpWebRequest request =(HttpWebRequest)WebRequest.Create(" https: ?//localhost/MySTS/Default.aspx的 WA = wsignin1.0&安培; wtrealm = https://开头本地主机/ EDH /&安培; wctx = RM = 0和ID =被动&安培; RU = / EDH / Default.aspx的");
HttpWebRequest request = (HttpWebRequest)WebRequest.Create("https://localhost/MySTS/Default.aspx?wa=wsignin1.0&wtrealm=https://localhost/edh/&wctx=rm=0&id=passive&ru=/edh/default.aspx ");
令牌成功发布,但我收到以下错误。我将ValidateRequest设置为false(在RP的web.config中,STS的Web.config)
Token is getting issued successfully, but I get the following error. I have ValidateRequest set to false everywhere (In RP's web.config, STS's Web.config)
一个潜在危险的Request.Form值从客户端检测到(wresult ="< trust:RequestSecuri ...")。
描述:请求验证检测到潜在危险的客户端输入值,并且请求的处理已中止。此值可能表示尝试破坏应用程序的安全性,例如跨站点脚本攻击。您可以通过在Page指令或配置部分中设置validateRequest = false来禁用请求验证。但是,强烈建议您的应用程序在这种情况下明确检查所有输入。
异常详细信息: System.Web.HttpRequestValidationException:从客户端检测到潜在危险的Request.Form值(wresult ="< trust:RequestSecuri ..." ;)。
来源错误:
A potentially dangerous Request.Form value was detected from the client (wresult="<trust:RequestSecuri...").
Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. You can disable request validation by setting validateRequest=false in the Page directive or in the configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case.
Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (wresult="<trust:RequestSecuri...").
Source Error:
[No relevant source lines]
源文件: c:\ Windows \ Microsoft Office.NET \ Framework \v2.0.50727 \Temporary ASP.NET Files\edh\e23430e7\b80f7c2b\App_Web_6lpmylhr.0.cs 线: 0
堆栈跟踪:
<表格边框= 0宽度="100%"bgcolor = "#ffffcc">
Source File: c:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\edh\e23430e7\b80f7c2b\App_Web_6lpmylhr.0.cs Line: 0
Stack Trace:
[HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (wresult="<trust:RequestSecuri...").]
System.Web.HttpRequest.ValidateString(String s, String valueName, String collectionName) +8723114
System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, String collectionName) +111
System.Web.HttpRequest.get_Form() +129
System.Web.UI.Page.GetCollectionBasedOnMethod(Boolean dontReturnNull) +114
System.Web.UI.Page.DeterminePostBackMode() +63
推荐答案
看一下这个帖子。
Take a look at this thread.
http://social.msdn.microsoft.com/Forums/en-US/Geneva/thread/062992aa-35b9-433b-8436-87cfc35be66d/
HTH
这篇关于STS - 检测到潜在危险的Request.Form值的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!