Friday, July 5, 2013

Windows Identity Foundation(WIF) Request validation in .NET 4.5

I blogged before about how to solve the ‘A potentially dangerous Request.Form value was detected from the client’ error that you can get back from the ASP.NET request validation when using Windows Identity Foundation. The best way to fix it was creating a custom RequestValidator.


If you upgrade your application to use WIF in .NET 4.5 you no longer need this custom validator. Instead the only thing you need to do is setting the RequestValidation option to 4.5 mode in your web.config:

<httpRuntime targetFramework="4.5" requestValidationMode="4.5" />

WIF now plays nicely with the request validation in ASP.NET 4.5.

No comments: