Error Initializing Forms Authentication

ASP.NET Request Validation

The request validation feature in ASP.NET provides a certain level of default protection against cross-site scripting (XSS) attacks. In previous versions of ASP.NET, request validation was enabled by default. However, it applied only to ASP.NET pages (.aspx files and their class files) and only when those pages were executing.

In ASP.NET 4, by default, request validation is enabled for all requests, because it is enabled before theBeginRequest phase of an HTTP request. As a result, request validation applies to requests for all ASP.NET resources, not just .aspx page requests. This includes requests such as Web service calls and custom HTTP handlers. Request validation is also active when custom HTTP modules are reading the contents of an HTTP request.

As a result, request validation errors might now occur for requests that previously did not trigger errors. To revert to the behavior of the ASP.NET 2.0 request validation feature, add the following setting in the Web.config file:

<httpRuntime requestValidationMode="2.0" />

However, we recommend that you analyze any request validation errors to determine whether existing handlers, modules, or other custom code accesses potentially unsafe HTTP inputs that could be XSS attack vectors.

 

我的错误: 提交form时,输入 <!-- 字符

报错:Error Initializing Forms Authentication

 

具体操作:

在web.config文件中 找到 <system>节点,然后 添加:

<httpRuntime requestValidationMode="2.0" />
<pages validateRequest="false"></pages>

posted on 2015-11-23 12:59  读书学习非泡沫  阅读(209)  评论(0编辑  收藏  举报

Powered by: 博客园 Copyright © 2024 读书学习非泡沫
Powered by .NET 8.0 on Kubernetes