March 11, 2014

I was working on a site with a few input fields and one of those would accept xml. When I ran the code, it failed with with the message "A Potentially dangerous Request.Form was detected." Usually, I would set ValidateRequest to false when these kind of errors occur and validate on the backend but I realised it does not work in .NET 4 anymore. Well, at least, not without changing the web.config file.

So, I added the following section (requestValidateMode) in web.config and ran the page and it worked fine.

  1. <system.web>
  2.   <compilation debug="false" targetFramework="4.0"/>
  3.   <httpRuntime requestValidationMode="2.0"/>
  4. </system.web>


Reference: Shahed Kazi at