我在使用WIF時也收到請求驗證錯誤。我正確地發送到STS,但在回來的路上,我得到這個驗證錯誤。從客戶端檢測到有潛在危險的Request.Form值(wresult =「<trust:RequestSecuri ...」)
我遵循了所有的指示。
<httpRuntime requestValidationMode="2.0" />
檢查!
[ValidateInput(false)]
檢查!
<pages validateRequest="false" >
檢查!
我試過了一個自定義驗證器,但它永遠不會被實例化。
錯誤堆棧:
[HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (wresult="trust:RequestSecuri...").]
System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection) +11396740
System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, RequestValidationSource requestCollection) +82
System.Web.HttpRequest.get_Form() +212
Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.IsSignInResponse(HttpRequest request) +26
Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.CanReadSignInResponse(HttpRequest request, Boolean onPage) +145
Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args) +108
System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +80
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +270
有什麼建議?
更好的方法是添加一個特定的驗證器,如[本答案](http:// stackoverflow)中所述。COM /問題/ 5443563 /潛在危險請求外形在-wsfederationauthenticationmodule-issigninre/5446288#5446288)。 –
這裏描述了處理這個問題的正確方法[1]。 [1]:http://stackoverflow.com/questions/5443563/potentially-dangerous-request-form-in-wsfederationauthenticationmodule-issigninre/5446288#5446288 –
@Eugenio是的,這就是我所說的。 :-) –