Exception message: A potentially dangerous Request.Form value was detected from the client
A recent requirement was to transfer XML documents via HTTP Post on the dotNET 2.0 platform. I had set up the “application” to receive the XML stream and save the data as a file (Sample codes demonstrates reading location from config and saving the stream; content validation not shown).
protected void Page_Load(object sender, EventArgs e)
{
using (System.IO.StreamReader reader = new System.IO.StreamReader(Request.InputStream))
{
String xmldata = reader.ReadToEnd();
Response.ContentType = "text/xml";
//Response.Write(xmldata);
Response.Write(String.Format("Bytes received: {0}", xmldata.Length));
string myConfigValue = WebConfigurationManager.AppSettings["DropOffFolder"];
if (System.IO.Directory.Exists(myConfigValue))
{
Guid g = new Guid();
g = Guid.NewGuid();
string filename = myConfigValue + g.ToString() + ".xml";
//Response.Write(filename);
using (StreamWriter sw = new StreamWriter(filename))
{ sw.Write(xmldata); }
}
Response.ContentEncoding = System.Text.Encoding.UTF8;
Response.Flush();
Response.End();
Response.Close();
}
}
During testing I had sent successfully exchanged text data. However, when I tried to send XML data I received a 500 response error from the server, which is very generic. I reviewed the event log on the server to see if IIS logged any messages and noticed the following warning:
Exception information:
Exception type: HttpRequestValidationException
Exception message: A potentially dangerous Request.Form value was detected from the client.
The server was validating the data stream, which is uuencoded HTML. To bypass this particular validation I added ValidateRequest="false” to the page directive. The ValidateRequest attribute checks for potentially dangerous input data that could compromise the security of your application or a scripting attack.
Note: When ValidateRequest is disabled, content can be submitted to your application; it is the responsibility of the application developer to ensure that content is properly encoded or processed.
Another way to process the data, without having to disable validation, would be to encode and decode it using Server.HtmlEncode(string) and Server.HtmlDecode(string).
Microsoft Dynamics Nav: Web Services User Credentials
ws = new GetSetCustomers_Binding();
//ws.UseDefaultCredentials = true;
System.Net.NetworkCredential cred = new System.Net.NetworkCredential("username","password","domain");
ws.UseDefaultCredentials = false;
ws.Credentials = cred;
Regsvr32: "LoadLibrary failed - The specified module could not be found"
During a recent deployment I had had an issue with the registration of a DLL. Part of the deployment process included the registration with RegSvr32. On one computer the registration failed with the error “LoadLibrary failed - The specified module could not be found”. This error was a bit troublesome as the installation process was previously successful on several other computers. I verified the path was correct, the library existed, permissions were correct and more.
I used Process Monitor to trace the activity, filtered on the Regsvr32 process, and noticed that a dependent library was missing. Process Monitor indicated, in the list, the specific file that was not found. In the end I copied the missing library to the computer and the registration was successful.