A potentially dangerous Request.QueryString value was detected

[Vinay Panchal]

Hi,

The querystring contains a custom error message while we are trapping
any duplicate record entry. The exact string is
as given below:

"Adding the record failed.<br>Error Code: 2627<br>Error Description:
Duplicate value."

The same thing works find on development m/c whereas on most of the m/c
its throwing the said error message.

Hope this will be of any use.

regards

Vinay

*** Sent via Developersdex [url]http://www.developersdex.com[/url] ***
Don't just participate in USENET...get rewarded for it!

[Patrice Scribe]

It's likely that < and > are disallowed in the query string (to prevent
someone injecting javascript code in the query string that could then be
executed). I don't know if this an ASP.NET setting or if a tool such as
URLSCAN is in use...

for now you may want to adjust this setting but generally it's preferable to
avoid passing such things in the querystring. Yo'ull find some details at
[url]http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/[/url]
news/crssite.asp and especially a link to
[url]http://support.microsoft.com/default.aspx?scid=kb;en-us;Q252985&sd=tech[/url]


--

"Vinay Panchal" <vinay@vbsoftindia.com> a écrit dans le message de news:
#5DR45eRDHA.1324@TK2MSFTNGP11.phx.gbl...

> Hi,
>
> The querystring contains a custom error message while we are trapping
> any duplicate record entry. The exact string is
> as given below:
>
> "Adding the record failed.<br>Error Code: 2627<br>Error Description:
> Duplicate value."
>
> The same thing works find on development m/c whereas on most of the m/c
> its throwing the said error message.
>
> Hope this will be of any use.
>
> regards
>
> Vinay
>
> *** Sent via Developersdex [url]http://www.developersdex.com[/url] ***
> Don't just participate in USENET...get rewarded for it!

[Vinay Panchal]

Thanks. i will try removing the <br> tags and let u know if it works.




*** Sent via Developersdex [url]http://www.developersdex.com[/url] ***
Don't just participate in USENET...get rewarded for it!

[Egbert Nierop \(MVP for IIS\)]

"Vinay Panchal" <vinay@vbsoftindia.com> wrote in message
news:%237UQ1upRDHA.2196@TK2MSFTNGP11.phx.gbl...

>
> Thanks everybody for the help.
> It works after removing the script tags from the querystring parameter.
>
> Still if anybody can find any other solution to this, its always welcome

To me this feature is an MS overreaction on security

<?xml version="1.0"?>
<configuration>
<system.web>
<pages validateRequest="false"/>
etc

--
compatible web farm Session replacement for Asp and Asp.Net
[url]http://www.nieropwebconsult.nl/asp_session_manager.htm[/url]

> regards
>
> Vinay
>
>
> *** Sent via Developersdex [url]http://www.developersdex.com[/url] ***
> Don't just participate in USENET...get rewarded for it!