When I access the URL /x:) of my ASP.NET MVC 5 app I get this error:
A potentially dangerous Request.Path value was detected from the client (:).
[HttpException (0x80004005): A potentially dangerous Request.Path value was detected from the client (:).]
System.Web.HttpRequest.ValidateInputIfRequiredByConfig() +9939892
System.Web.PipelineStepManager.ValidateHelper(HttpContext context) +53
This is the full stack trace.
I want to disable request validation entirely. I don't need it and I need to process even strange URLs like this one.
I have applied all of these settings but they did not work:
<httpRuntime targetFramework="4.7.2" requestValidationMode="2.0" />
<pages validateRequest="false" />
[ValidateInput(false)]
How can I avoid request validation entirely?
To allow special characters in your URL path you should modify the requestPathInvalidCharacters parameter in web.config like this:
<system.web>
<httpRuntime requestPathInvalidCharacters="<,>,%,&,:,\,?" />
</system.web>
Note, I've just removed the asterisk (*), the original default string is:
<httpRuntime requestPathInvalidCharacters="<,>,*,%,&,:,\,?" />