显示自定义错误消息的异常:从客户端检测到有潜在危险的Request.Form值 [英] Showing custom error message on exception: A potentially dangerous Request.Form value was detected from the client
问题描述
我用我的web应用程序ASP.NET的登录控制。我想说明一个有趣的错误类型的标签上时,此异常occures System.Web.Htt prequestValidationException:从客户端检测到有潜在危险的Request.Form值
它当用户试图通过登录控制的用户名文本字段中输入他们做的SQL注入攻击或者一些HTML或脚本操作发生。我试过很多东西,如封闭在try catch块认证登录和捕捉
System.Web.Htt prequestValidationException 例外也做同样由我作为同为onTextChange文本框的用户名创建的事件。但是,所有这些尝试失败了。请告诉我如何检查此异常,并显示一个不错的搞笑消息,攻击者?
I am using Login Control of ASP.NET in my web application. I want to show a funny type of error on a label when this exception occures System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client
it occurs when a user try to do sql injection attack or some HTML or SCRIPT operations by entering them in Username text field of Login control. I tried many things such as enclosing the authentication login in try catch block and catching the
System.Web.HttpRequestValidationException exception also doing same for an event created by me as same as onTextChange for Username TextBox. But all these tries failed. Please tell me how to check for this exception and display a nice funny message to the attacker?
推荐答案
下面是如何提供更友好的错误味精的几个例子:
Here are a few examples of how to provide a friendlier error msg:
<一个href=\"http://romsteady.blogspot.com/2007/06/how-to-catch-htt$p$pquestvalidationexcep.html\">http://romsteady.blogspot.com/2007/06/how-to-catch-htt$p$pquestvalidationexcep.html
如何捕捉Htt的prequestValidationException生产
你需要记住的事情是,你页面code发生之前此异常。所以,你通常不能捕获错误在你的页面code,但只有在的Application_Error。
The thing you need to keep in mind is that this exception is thrown before you page code happens. So you normally cannot catch the error in your page code, but only in Application_Error.
我还没有尝试过这个自己,但本网站给人以另一种方式让你的网页code来执行,但仍使用内置的逻辑,以及追赶自己的code中的异常保护自己免受恶意输入。
I have not tried this myself, but this site gives a alternative way to allow your page code to execute, but still protect yourself from malicious input using the built in logic, as well as catching the exception within your own code.
这篇关于显示自定义错误消息的异常:从客户端检测到有潜在危险的Request.Form值的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
