
Initial set up question

Oct 22, 2010 at 6:22 PM

Thank you for this nice blog program. With the help of my server support team, orcsweb.com, my installation has been created; however, I have not been able to post a first post successfully.

I need specific instructions from someone on how to fix this. I do know how to alter the web.config file, but I guess I'm not sure if that is what I should do. Will this create an insecurity? Is this standard practice?

If anyone can help me, thanks in advance!! ALSO, how can we tell more info about THEMES, like whether they are set at 100% or specific width, without downloading them to view. 

I went to a weekend school program to learn Microsoft web technologies and am still a student, realistically.

Here is the error message:

Server Error in '/blog' Application.
--------------------------------------------------------------------------------

A potentially dangerous Request.Form value was detected from the client (ctl00$MainRegion$txtContent="<p>
This is a test..."). 
Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. To allow pages to override application request validation settings, set the requestValidationMode attribute in the httpRuntime configuration section to requestValidationMode="2.0". Example: <httpRuntime requestValidationMode="2.0" />. After setting this value, you can then disable request validation by setting validateRequest="false" in the Page directive or in the <pages> configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case. For more information, see http://go.microsoft.com/fwlink/?LinkId=153133. 

Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (ctl00$MainRegion$txtContent="<p>
This is a test...").

Source Error: 

The source code that generated this unhandled exception can only be shown when compiled in debug mode. To enable this, please follow one of the below steps, then request the URL:

1. Add a "Debug=true" directive at the top of the file that generated the error. Example:

  <%@ Page Language="C#" Debug="true" %>

or:

2) Add the following section to the configuration file of your application:

<configuration>
   <system.web>
       <compilation debug="true"/>
   </system.web>
</configuration>

Note that this second technique will cause all files within a given application to be compiled in debug mode. The first technique will cause only that particular file to be compiled in debug mode.

Important: Running applications in debug mode does incur a memory/performance overhead. You should make sure that an application has debugging disabled before deploying into production scenario.  

Stack Trace: 


[HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (ctl00$MainRegion$txtContent="<p>
    This is a test...").]
   System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection) +11314196
   System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, RequestValidationSource requestCollection) +82
   System.Web.HttpRequest.get_Form() +186
   System.Web.HttpRequest.get_HasForm() +11317092
   System.Web.UI.Page.GetCollectionBasedOnMethod(Boolean dontReturnNull) +141
   System.Web.UI.Page.DeterminePostBackMode() +163
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +11270399
   System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +11269918
   System.Web.UI.Page.ProcessRequest() +119
   System.Web.UI.Page.ProcessRequest(HttpContext context) +167
   ASP.graffiti_admin_posts_write_default_aspx.ProcessRequest(HttpContext context) in c:\ASPNetTemp\blog\78de647d\e9e993c0\App_Web_gc3kc1z1.0.cs:0
   System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +597
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +266

Oct 22, 2010 at 7:35 PM

Hi, I think you're getting the exception because you're on a .NET 4.0 server, which has tighter validation than .NET 2.0-3.5. As the description says, you should place: <httpRuntime requestValidationMode="2.0" /> in the httpRuntime section of your web.config. Your server will then have the same validation as .NET 2.0-3.5, so there shouldn't be a security risk. I've done it on all my sites with Graffiti and other applications and it seems to work fine. Some day I'll study up on how to make my sites fully compliant with the tighter validation rules of .NET 4.0, though I expect third-party WYSIWYG editors like Graffiti uses will have to be upgraded first.

John

Oct 22, 2010 at 8:29 PM

Wow, thanks for your fast reply. Would this be only in the web config file in the blog directory, or in the base web config file as well? (I told you I am a student!!)

Many thanks


Oct 24, 2010 at 10:18 PM

Just put it in the web.config in your Graffiti directory.

Oct 25, 2010 at 1:31 AM

Glad there is a thread for this since I have just run into the issue tonight. I don't, however, see a place in the web.config to put <httpRuntime requestValidationMode="2.0" />. I played around with it for about an hour with no luck. Does anyone have an update on this?

Coordinator
Oct 25, 2010 at 1:45 AM

Goes within the <system.web> section

Oct 25, 2010 at 1:48 AM

Weird, thought I tried that. Thanks again!
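
An added example, not part of the thread and not Graffiti's own code: a small auditor that reads a web.config and reports, per scope, the settings this discussion touches (requestValidationMode="2.0", validateRequest="false", and compilation debug="true"). The function name `audit`, the sample configuration and its `admin/write` location path are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.config (not Graffiti's real file): the setting from the
# thread sits directly under <system.web>; the <location> block is hypothetical.
SAMPLE = """<configuration>
  <system.web>
    <httpRuntime requestValidationMode="2.0" />
    <compilation debug="true" />
  </system.web>
  <location path="admin/write">
    <system.web>
      <pages validateRequest="false" />
    </system.web>
  </location>
</configuration>"""

def audit(xml_text):
    """Return a list of (scope, finding) for validation-related settings."""
    root = ET.fromstring(xml_text)
    # Some web.config files declare a default xmlns; strip it so lookups match.
    for el in root.iter():
        el.tag = el.tag.split("}")[-1]
    findings = []
    # Application-wide <system.web>, then each <location path="..."> override.
    scopes = [("(application)", root.find("system.web"))]
    scopes += [(loc.get("path", "(application)"), loc.find("system.web"))
               for loc in root.findall("location")]
    for scope, sw in scopes:
        if sw is None:
            continue
        rt = sw.find("httpRuntime")
        if rt is not None and rt.get("requestValidationMode") == "2.0":
            findings.append((scope, "requestValidationMode=2.0: pages may opt out of validation"))
        pages = sw.find("pages")
        if pages is not None and pages.get("validateRequest", "true").lower() == "false":
            findings.append((scope, "validateRequest=false: request validation disabled here"))
        comp = sw.find("compilation")
        if comp is not None and comp.get("debug", "false").lower() == "true":
            findings.append((scope, "compilation debug=true: disable before production"))
    return findings

if __name__ == "__main__":
    for scope, finding in audit(SAMPLE):
        print(f"{scope}: {finding}")
```

Page-level `validateRequest="false"` directives live in the .aspx files themselves, so this config check does not see them.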