I am using Login Control of ASP.NET in my web application. I want to show a funny type of error on a label when this exception occures System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client
it occurs when a user try to do sql injection attack or some HTML or SCRIPT operations by entering them in Username text field of Login control. I tried many things such as enclosing the authentication login in try catch block and catching the
System.Web.HttpRequestValidationException exception also doing same for an event created by me as same as onTextChange for Username TextBox. But all these tries failed. Please tell me how to check for this exception and display a nice funny message to the attacker?
-
Can you please past an example of what the code looks like in regards to what you are trying to accomplish..?? thanksMethodMan– MethodMan2012年05月31日 16:40:14 +00:00Commented May 31, 2012 at 16:40
-
If you're using IIS7+ there's a simpler solution here:- stackoverflow.com/questions/30071341/…Iain Galloway– Iain Galloway2015年05月06日 09:38:44 +00:00Commented May 6, 2015 at 9:38
1 Answer 1
Here are a few examples of how to provide a friendlier error msg:
http://romsteady.blogspot.com/2007/06/how-to-catch-httprequestvalidationexcep.html
How to catch HttpRequestValidationException in production
The thing you need to keep in mind is that this exception is thrown before you page code happens. So you normally cannot catch the error in your page code, but only in Application_Error.
I have not tried this myself, but this site gives a alternative way to allow your page code to execute, but still protect yourself from malicious input using the built in logic, as well as catching the exception within your own code.
Comments
Explore related questions
See similar questions with these tags.