Request validation is the .NET framework’s protector against XSS. If not explicitly turned off, all ASP.NET web application will check against XSS. it is to help from un-trusted data in URL and it is by default enabled, like image below.
In ASP.NET 4 , you can’t disable the “Request Validation” on specific ASPX pages, while you can do that in earlier versions.
To revert back to 2.0 request validation mode and disable request validation on pages level, you need to specify the “requestValidationMode” to be “2.0” in your web.config
Then try now 😉
- In Page directive add: ValidateRequest=”false”
- In web.config add: <httpRuntime requestValidationMode=”2.0″ />
In .NET Framework 4.6, 4.5, 4 you can now encrypt your text using MachineKey in your web.config file. This encryption depend on System.Web.dll so you need to add reference of it before. NOTES:
- If you have multiple web front end server, then the machine key should be same on all WFEs.
- You may need to use Base64 encoding to convert encrypted or decrypted bytes to text so you can send it over HTTP,email or any textual transfer system.
private static string Encrypt(string plainText)
byte plainTextBytes = Encoding.UTF8.GetBytes(plainText);
byte encryptedBytes = MachineKey.Protect(plainTextBytes);
string encryptedText = Convert.ToBase64String(encryptedBytes);
private static string Decrypt(string encryptedText)
byte encryptedBytes = Convert.FromBase64String(encryptedText);
byte plainTextBytes = MachineKey.Unprotect(encryptedBytes);
string plainText = Encoding.UTF8.GetString(plainTextBytes);
When deploying a WCF service to IIS7 on top of Windows 7 and browse it, you may got the following error
HTTP Error 404.2 – Not Found
The page you are requesting cannot be served because of the ISAPI and CGI Restriction list settings on the Web server.
Solution Open IIS Manager This will open the below screen. Put check on below screen After the two changes, the screen should be like below Try now
After installing a certificate in windows store, you need to use it in your code to encrypt or decrypt the message.
You can get the serial number of the certificate by double click on the certificate.
X509Store store = new X509Store(StoreLocation.LocalMachine);
string sn = " put here your certificate serial number ";
X509Certificate2Collection coll =
store.Certificates.Find(X509FindType.FindBySerialNumber, sn, true);
if (coll != null)
X509Certificate2 myCert = coll;