A potentially dangerous Request...

If you have questions about using mojoPortal, you can post them here.

You may want to first review our site administration documentation to see if your question is answered there.

This thread is closed to new posts. You must sign in to post in the forums.
11/13/2010 12:49:33 PM
Gravatar
Total Posts 383
Thanks Squire Dude

A potentially dangerous Request...

Hi,

I have just installed a fresh copy of MoJo Portal to a Shared Server and I think I still have a permissions issue.  The server admins said they changed the folder permissions but now when I sign in the Edit the first page I get the error below when I try to "Update" for page.  I am getting the following error after I changed CustomErrors = Off & Debug=True...

Server Error in '/' Application.
--------------------------------------------------------------------------------

A potentially dangerous Request.Form value was detected from the client (ctl00$mainContent$edContentinnerEditor="<p>
Welcome to the...").
Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. To allow pages to override application request validation settings, set the requestValidationMode attribute in the httpRuntime configuration section to requestValidationMode="2.0". Example: <httpRuntime requestValidationMode="2.0" />. After setting this value, you can then disable request validation by setting validateRequest="false" in the Page directive or in the <pages> configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case. For more information, see http://go.microsoft.com/fwlink/?LinkId=153133.

Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (ctl00$mainContent$edContentinnerEditor="<p>
Welcome to the...").

Source Error:

The source code that generated this unhandled exception can only be shown when compiled in debug mode. To enable this, please follow one of the below steps, then request the URL:

1. Add a "Debug=true" directive at the top of the file that generated the error. Example:

<%@ Page Language="C#" Debug="true" %>

or:

2) Add the following section to the configuration file of your application:

<configuration>
<system.web>
<compilation debug="true"/>
</system.web>
</configuration>

Note that this second technique will cause all files within a given application to be compiled in debug mode. The first technique will cause only that particular file to be compiled in debug mode.

Important: Running applications in debug mode does incur a memory/performance overhead. You should make sure that an application has debugging disabled before deploying into production scenario.

Stack Trace:


[HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (ctl00$mainContent$edContentinnerEditor="<p>
Welcome to the...").]
System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection) +8734868
System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, RequestValidationSource requestCollection) +122
System.Web.HttpRequest.get_Form() +114
System.Web.HttpRequest.get_HasForm() +8900239
System.Web.UI.Page.GetCollectionBasedOnMethod(Boolean dontReturnNull) +97
System.Web.UI.Page.DeterminePostBackMode() +69
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +8431
System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +253
System.Web.UI.Page.ProcessRequest() +78
System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) +21
System.Web.UI.Page.ProcessRequest(HttpContext context) +49
ASP.htmledit_aspx.ProcessRequest(HttpContext context) in c:\windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\root\bb492f76\a7c92227\App_Web_ud0b5ndj.0.cs:0
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +100
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +75

 


--------------------------------------------------------------------------------
Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.1

11/13/2010 4:15:38 PM
Gravatar
Total Posts 1203
Proud member of the mojoPortal team

Help support mojoPortal!
Add-on modules

Re: A potentially dangerous Request...

A quick search of the forum found a number of topics about this. Have you tried going through these yet?

11/13/2010 5:16:49 PM
Gravatar
Total Posts 383
Thanks Squire Dude

Re: A potentially dangerous Request...

Jamie,

I did check the out.  None seemed to fit my error message.  One referred to an upgrade and the web.config using new or old.  Others referred to several other specific pages.

Thanks for the link and I do keep looking until a solution is presented to me.

Thanks

Squire Dude

11/13/2010 5:38:07 PM
Gravatar
Total Posts 18439

Re: A potentially dangerous Request...

Jamie gave you the right info.

As indicated in other threads, you are either running the .NET 3.5 version of mojoPortal under .NET 4 (the error shows you are using .NET 4) or you kept your old web.config file instead of using the one that ships with mojoPortal.

Hope it helps,

Joe

11/13/2010 8:19:51 PM
Gravatar
Total Posts 383
Thanks Squire Dude

Re: A potentially dangerous Request...

Joe,

Not sure how that could have happened as this is a fresh/new install not an upgrade.  There was nothing to upgrade or web.config to mix up.  The process I took was to upload the .ZIP file of mojoportal and the admins to the hosting company unzipped it and made the folders read/write.  Is there any way the admins could have got something wrong?  Got any ideas how I can check which version of .NET being used?  I am on a Shared server.

Okay I looked at teh log and it does show that the site is running on .NET 4.0 (at ASP.htmledit_aspx.ProcessRequest(HttpContext context) in c:\windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\root\bb492f76\a7c92227\App_Web_ud0b5ndj.0.cs:line 0)...

So since this is a new install and there is no web.config for .NET 3.5 which settings do I need to change in the web.config to bring it in line with .NET 4.0?
 

System Information
mojoPortal Version 2.3.5.5 MSSQL
Operating System Microsoft Windows NT 5.2.3790 Service Pack 2
ASP.NET Info v4.0.30319 Running in Full Trust
Server Time Zone Eastern Standard Time
Server Local Time (GMT -5) 11/13/2010 9:17:40 PM
Greenwich Mean Time (GMT/UTC) 11/14/2010 2:17:40 AM
 

Does this help at all hope so?

Thanks

P.S.
I just noticed something... I am able to create and modify pages created under different types such as Blog, forum, About, etc.  The only page which seems to have this error is the first "Welcome" page.

 

11/14/2010 6:18:28 AM
Gravatar
Total Posts 18439

Re: A potentially dangerous Request...

The best solution is re-install mojoPortal using the package for .NET 4 like mojoportal-2-3-5-5-mssql-net40-deploymentfiles.zip

what you have installed is mojoportal-2-3-5-5-mssql-net35-deploymentfiles.zip which is the package for .NET 3.5

You "could" modify the web.config to resolve this particular issue but it will still be running the 3.5 .NET version of mojoPortal under .NET 4, it is much better to install the version of mojoPortal for .NET 4 since you have .NET 4 hosting. 

Best,

Joe

11/14/2010 8:48:18 AM
Gravatar
Total Posts 383
Thanks Squire Dude

Re: A potentially dangerous Request...

Good morning Joe,

Thanks for the advise and support, your effort make using mojoportal much easier. 

Unfortunately I have bad news the file I downloaded and was used for the install was mojoportal-2-3-5-5-mssql-net40-deploymentfiles.zip  and one of the files that was expanded was this one... mojoPortal.Web.net35.Publish.xml
 

Is it possible that the files got mixed when they were compiled for distribution, I know how difficult it can be sometimes keeping things straight!
 

Thanks

SquireDude

11/14/2010 9:02:45 AM
Gravatar
Total Posts 18439

Re: A potentially dangerous Request...

I assure you that you can ignore that file, yes it got deployed in the package but the package is still the correct build for .NET 4.

Your first post said this:

Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. To allow pages to override application request validation settings, set the requestValidationMode attribute in the httpRuntime configuration section to requestValidationMode="2.0".

and the mojoPortal package for .NET 4 does have this in Web.config so it would not throw that error:

<httpRuntime requestValidationMode="2.0" maxUrlLength="560" maxQueryStringLength="2048" />

therefore I conclude that you installed the 3.5 version of mojoPortal which does not have this.

Please try re-deploy the mojoPortal 2.3.5.5.mssql-net40-deploymentfiles.zip

Hope it helps,

Joe

 

11/14/2010 10:34:41 AM
Gravatar
Total Posts 383
Thanks Squire Dude

Re: A potentially dangerous Request...

Joe,

Thanks,  I'll delete the site then email the admins at the hosting company and ask them to re-run the 4.0 zip file

Thanks

Squire Dude

11/14/2010 11:18:03 AM
Gravatar
Total Posts 18439

Re: A potentially dangerous Request...

If it were me, I would not delete it, I would just backup the user.config and Web.config file and ftp the .NET 4 version of files on top of the existing files using FileZilla. No need to use a new database or anything like that.

If your host installed it for you they probably cannot or will not install the 4.0 package. The reason I say that is because many host now are integrating with the Web Platform Installer which allows them to easily install applications from the windows web app gallery. This is good that they are doing that but we are in a transition time because the version 2.0 Web Platform Installer can only install .NET 3.5 apps therefore we currently still submit the 3.5 .NET version of mojoPortal to the web app gallery. The 3.0 version of Web Platform installer will support .NET 4 but it is currently in beta. Once it comes out of beta we will begin submitting the .NET 4 package of mojoPortal to the web app gallery  instead of the 3.5 version and all will be well in the universe. So at the moment it is kind of problematic because the host supports.NET 4 (which is good) but the only package they can easily install is the package for .NET 3.5, so you end up in this situation you are in now.

It is not that difficult to install manually by ftp, particularly when you already have the database setup and probably have the connection string in user.config. All you need to do is deploy the new files and restore any customizations from the old web.config to the new one.

Hope it helps,

Joe

12/18/2010 10:29:08 AM
Gravatar
Total Posts 7
In Jackpot We Trust

Re: A potentially dangerous Request...

and the mojoPortal package for .NET 4 does have this in Web.config so it would not throw that error:

<httpRuntime requestValidationMode="2.0" maxUrlLength="560" maxQueryStringLength="2048" />

Sorry for bad english. . I tried to install on the server with the .NET 4 new  release mojoportal-2-3-5-8-b, but only got 500 error. In the web.config there is no such line.

You must sign in to post in the forums. This thread is closed to new posts.