ASP.NET 4 Request Validation at Page Level

Request validation is the .NET Framework's protection against XSS. Unless it is explicitly turned off, every ASP.NET web application checks incoming requests for XSS. It helps guard against untrusted data in the URL, and it is enabled by default.

In ASP.NET 4, you can't disable request validation on specific ASPX pages, while you could do that in earlier versions.


Solution

To revert to the 2.0 request validation mode and disable request validation at the page level, set requestValidationMode to "2.0" in your web.config.


Then try now 😉


Summary

  1. In Page directive add: ValidateRequest="false"
  2. In web.config add: <httpRuntime requestValidationMode="2.0" />

Encryption Using MachineKey in .NET Framework

In .NET Framework 4.6, 4.5 and 4 you can encrypt your text using the MachineKey in your web.config file. This encryption depends on System.Web.dll, so you need to add a reference to it first.

NOTES:

  • If you have multiple web front end (WFE) servers, then the machine key should be the same on all WFEs.
  • You may need to use Base64 encoding to convert encrypted or decrypted bytes to text so you can send it over HTTP, email or any textual transfer system.

Encrypt Method

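 // Requires: using System; using System.Text; using System.Web.Security;
 private static string Encrypt(string plainText)
 {
     // Convert the text to bytes before protecting it
     byte[] plainTextBytes = Encoding.UTF8.GetBytes(plainText);

     // Encrypt and sign the bytes using the machineKey settings
     byte[] encryptedBytes = MachineKey.Protect(plainTextBytes);

     // Base64-encode the result so it can travel over textual channels
     string encryptedText = Convert.ToBase64String(encryptedBytes);

     return encryptedText;
 }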

Decrypt Method

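 // Requires: using System; using System.Text; using System.Web.Security;
 private static string Decrypt(string encryptedText)
 {
     // Reverse the Base64 encoding applied by Encrypt
     byte[] encryptedBytes = Convert.FromBase64String(encryptedText);

     // Verify and decrypt; throws CryptographicException if the data was altered
     byte[] plainTextBytes = MachineKey.Unprotect(encryptedBytes);

     string plainText = Encoding.UTF8.GetString(plainTextBytes);

     return plainText;
 }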
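
The Encrypt and Decrypt methods above pass no purpose strings and let any exception escape to the caller. The following is an added example, not code from the original post, showing the same MachineKey.Protect and MachineKey.Unprotect calls with purpose strings and failure handling. The class name ProtectedToken, the "PasswordReset" purpose and the userId parameter are assumptions made for illustration.

```csharp
// Added example: hypothetical helper, not part of the original post.
using System;
using System.Security.Cryptography;
using System.Text;
using System.Web.Security; // needs a reference to System.Web.dll

public static class ProtectedToken
{
    // Purpose strings are bound into the protected payload. Unprotect must be
    // given the same list, so a token issued for one feature or user cannot
    // be replayed against another. The value below is constructed.
    private const string Feature = "PasswordReset";

    public static string Create(string plainText, string userId)
    {
        byte[] data = Encoding.UTF8.GetBytes(plainText);
        byte[] blob = MachineKey.Protect(data, Feature, "user:" + userId);
        return Convert.ToBase64String(blob);
    }

    // Returns false instead of throwing when the token is malformed,
    // was modified in transit, or was issued for another purpose or user.
    public static bool TryRead(string token, string userId, out string plainText)
    {
        plainText = null;
        if (string.IsNullOrEmpty(token)) return false;
        try
        {
            byte[] blob = Convert.FromBase64String(token);
            byte[] data = MachineKey.Unprotect(blob, Feature, "user:" + userId);
            if (data == null) return false;
            plainText = Encoding.UTF8.GetString(data);
            return true;
        }
        catch (FormatException)        // input is not valid Base64
        {
            return false;
        }
        catch (CryptographicException) // integrity check or purpose mismatch
        {
            return false;
        }
    }
}
```

A token created with ProtectedToken.Create("reset", "42") is readable only through TryRead with the same userId; any other userId, or a token with altered bytes, makes TryRead return false.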

HTTP Error 404.2 – Not Found – WCF on Windows 7 and IIS7.5

When you deploy a WCF service to IIS7 on top of Windows 7 and browse to it, you may get the following error:

HTTP Error 404.2 – Not Found

The page you are requesting cannot be served because of the ISAPI and CGI Restriction list settings on the Web server.

Solution

Open IIS Manager. This will open the below screen.

Put check on below screen.

After the two changes, the screen should be like below.

Try now

Getting Windows Certificate using C# By Serial Number

After installing a certificate in the Windows store, you need to use it in your code to encrypt or decrypt the message.


You can get the serial number of the certificate by double-clicking the certificate.

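// Requires: using System.Security.Cryptography.X509Certificates;
X509Store store = new X509Store(StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadOnly);
string sn = " put here your certificate serial number ";
// Third argument (validOnly) = true: only valid certificates are returned
X509Certificate2Collection coll =
    store.Certificates.Find(X509FindType.FindBySerialNumber, sn, true);
store.Close();
X509Certificate2 myCert = null;
// Find returns an empty collection when nothing matches, so check Count
if (coll.Count > 0)
    myCert = coll[0];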