ASP.NET 4 Request Validation at Page Level

Request validation is the .NET framework’s protector against XSS. If not explicitly turned off, all ASP.NET web application will check against XSS. it is to help from un-trusted data in URL and it is by default enabled, like image below.

RequestValidation1In ASP.NET 4 , you can’t disable the “Request Validation” on specific ASPX pages, while you can do that in earlier versions.

RequestValidation2

Solution

To revert back to 2.0 request validation mode and disable request validation on pages level, you need to specify the “requestValidationMode” to be “2.0” in your web.config

RequestValidation3

Then try now 😉

RequestValidation4

Summery

  1. In Page directive add: ValidateRequest=”false”
  2. In web.config add: <httpRuntime requestValidationMode=”2.0″ />

Using New Code Nuggets in ASP.NET4

We will talk about new feature in ASP.NET 4.

Suppose you have the following code-behind property and you need to use it in ASPX page.

 

 

In ASPX page you can render the property MyContent like below:

 

 

And this will render the below output:

This is an XSS (cross-site script injection) and the developer should be aware of this, so he should do an HTMLEncode

 

Because of many developer may forget to do this, ASP.NET introduced the below code nugget

Now, the result will be;

Summery

Substracting Two Dates in DataGrid

When you need to subtract two days in data grid use the following:

<asp:TemplateColumn HeaderText="Duration">
       <ItemTemplate>
           <DevControls:Label runat="server" ID="lbl" Text='<%# (((DateTime)Eval("EndDateTime"))-((DateTime)Eval("StartDateTime"))).TotalDays + "Day/Days" %>' />
       </ItemTemplate>
</asp:TemplateColumn>
<asp:BoundColumn HeaderText="StartDate" DataField="StartDateTime" DataFormatString="{0:ddd, dd/MM/yyyy}" />
<asp:BoundColumn HeaderText="FinishDate" DataField="EndDateTime" DataFormatString="{0:ddd,  dd/MM/yyyy}" />

HTTP Error 404.2 – Not Found – WCF on Windows 7 and IIS7.5

When deploying a WCF service to IIS7 on top of Windows 7 and browse it, you may got the following error

HTTP Error 404.2 – Not Found

The page you are requesting cannot be served because of the ISAPI and CGI Restriction list settings on the Web server.

Solution Open IIS Manager This will open the below screen. httperror403 Put check on below screen After the two changes, the screen should be like below Try now

The source was not found, but some or all event logs could not be searched.

The complete exception is :

System.Security.SecurityException: The source was not found, but some or all event logs could not be searched.

This happen when you are using in your code (C#) windows log events.

EventLog.WriteEntry(method, log_message, type);

Now, how to create this source in windows event log.

Solution

Using windows powershell.

  1. Run windows powershell under administrative privileges
  2. Run the following command New-EventLog -LogName Application -Source <YOUR SOURCE>