如何禁用请求验证没有设置RequestValidationMode到2.0？ [英] How do I disable request validation without setting RequestValidationMode to 2.0?

问题描述

我们刚刚升级到ASP.NET 4.0，并发现requestValidation不再起作用。 MSDN文档表明，我们需要设置<一个href="http://msdn.microsoft.com/en-us/library/system.web.configuration.httpruntimesection.requestvalidationmode.aspx">requestValidationMode在web.config中，以2.0：

We've just upgraded to ASP.NET 4.0, and found that requestValidation no longer works. The MSDN docs suggest we need to set requestValidationMode in web.config to 2.0:

  
• 4.0（默认值）。该型Htt prequest对象在内部设置一个标志，指示请求验证应被触发时   任何HTTP请求数据的访问。这保证了请求   验证数据，如cookies和URL是之前触发   请求期间访问。的请求验证设置   网页元件（如果有的话）中的@页配置文件或者   指令在一个单独的页面都将被忽略。
  
• 2.0。请求验证启用仅用于网页，而不是所有的HTTP请求。此外，请求验证的页面设置   元素（如果有的话）@ Page指令的配置文件或   在个体页被用于哪些页面请求确定要   验证。
  

• 4.0 (the default). The HttpRequest object internally sets a flag that indicates that request validation should be triggered whenever any HTTP request data is accessed. This guarantees that the request validation is triggered before data such as cookies and URLs are accessed during the request. The request validation settings of the pages element (if any) in the configuration file or of the @ Page directive in an individual page are ignored.
• 2.0. Request validation is enabled only for pages, not for all HTTP requests. In addition, the request validation settings of the pages element (if any) in the configuration file or of the @ Page directive in an individual page are used to determine which page requests to validate.

这会为我们工作，但我有点不解。看来，我们把它变成遗产/兼容模式。当然，它应该能够有4.0的行为，但仍可以选择关闭这个功能在页面上？

This will work for us, however I'm a little puzzled. It seems that we're putting this into a legacy/compatibility mode. Surely it should be possible to have the 4.0 behaviour, but still have an option to turn this off on a page?

推荐答案

我找到了一种方法来实现这一点没有改变RequestValidationMode到2.0到整个网站：

I found a way to achieve this without changing RequestValidationMode to 2.0 to the whole site:

您可以箱子子目录要禁用请求验证，并添加一个新的web.config文件到这个目录与RequestValidationMode设置为2.0的页面，这样，只有这个目录将工作在2.0模式下，而不会影响其他请求将工作在4.0模式下。

You can crate a sub-directory for the page you want to disable the request validation and add a new web.config to this directory with RequestValidationMode set to 2.0, this way only this directory will work in 2.0 mode without affecting all other requests that will work in 4.0 mode.

我想你可以添加一个位置部分到主web.config中指定只有一个页面，但我没有测试过这一点呢。 事情是这样的：

I think you can add an location section to your main web.config specifying only one page, but I didn't tested this yet. Something like this:

<location path="Admin/Translation.aspx">
    <system.web>
        <httpRuntime requestValidationMode="2.0"/>
    </system.web>
</location>

希望它可以帮助你，帮我！

Hope it helps you as helped me !

这篇关于如何禁用请求验证没有设置RequestValidationMode到2.0？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！