ansaurus

Question

I can't turn off Request Validation for an ASP.NET MVC Controller

Answer 1

+4 A:

I tested it on my machine, on both the class definition and the action method, and it worked for me in both cases. Are you sure your view lines up with your method/controller? Are you putting the attribute on the GET method or the POST method?

[AcceptVerbs(HttpVerbs.Post)]
[ValidateInput(false)]   
public ActionResult MyAction (int id, string content) {   
    // ...   
}

Robert Harvey 2009-07-10 16:07:51

In the original question, I stated that I did that. And my reference, Apress Pro ASP.NET MVC Framework, clearly states, "If you want to disable it eitherfor a specific action method or across a specific controller, you can use the [ValidateInput] filter,as follows:[ValidateInput(false)]public class MyController : Controller { ... }"

Ronnie Overby 2009-07-10 16:24:58

See http://stackoverflow.com/questions/807662/why-is-validateinputfalse-not-working

Robert Harvey 2009-07-10 16:33:02

Sorry, Ronnie. It works on my machine, whether I put the attribute on the method or the class.

Robert Harvey 2009-07-10 16:41:00

I have tried on the controller and the action. I know the view lines up with the action method, because I have only 1 view and 1 controller. I have done a complete build and rebuild. I don't understand why this will not work!

Ronnie Overby 2009-07-10 17:13:13

Ronnie, try it Keithm's way. Put ValidateRequest=false; in the constructor of your controller.

Robert Harvey 2009-07-10 17:15:26

His way didn't work either.

Ronnie Overby 2009-07-10 17:22:04

So there is something systemically wrong. Consider creating a new project with a simple controller and view, and test again. There is a counterpart in plain ASP.NET that can be tested also. Did you stumble across this post? http://stackoverflow.com/questions/1038102/asp-net-mvc-validateinputfalse-stops-working-with-xval-and-regularexpression

Robert Harvey 2009-07-10 17:30:58

Answer 2

+2 A:

Pro ASP.NET MVC Framework (p466) says the following is supposed to work:

public class MyController : Controller 
{
     public MyController {
        ValidateRequest = false;
     }
}

Keith Morgan 2009-07-10 16:37:04

It doesn't intellisense or compile there. I tried putting it into the action method (where it does intellisense), but it didn't work.

Robert Harvey 2009-07-10 16:49:25

"ValidateRequest = false;" is supposed to be in the constructor. I I had tried it on one of my controllers but transcribed it wrong.

Keith Morgan 2009-07-10 16:59:06

It does work if you put it into the constructor.

Robert Harvey 2009-07-10 17:14:42

This doesn't work either.

Ronnie Overby 2009-07-10 17:21:16

Answer 3

A:

Can you post your controller file and your view file.

This works;

MytestController--------------------------------

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;
using System.Web.Mvc.Ajax;

namespace testapp.Controllers
{
    [ValidateInput(false)]
    public class MyTestController : Controller
    {

        public ActionResult Index()
        {
            return View();
        }

    }
}

MyTest(Index)-------------------------------------------------------

<%@ Page Language="C#" Inherits="System.Web.Mvc.ViewPage" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"&gt;

<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
    <title>Index</title>
</head>
<body>
 <% using (Html.BeginForm()) { %>
 <%= Html.TextBox("test")%>
 <button type="submit"  >Submit</button>
 <%} %>
</body>
</html>

Tony Borf 2009-07-10 17:54:19

your sample for asp.net mvc 2 does not work

NTulip 2010-04-27 15:32:16

Answer 4

A:

Who knows what was wrong.... it started working.

Ronnie Overby 2009-07-10 20:53:25

maybe you restarted the server, rebuilt the project?

NTulip 2010-04-27 15:32:34

ansaurus

tags:

views:

answers:

I can't turn off Request Validation for an ASP.NET MVC Controller

EDIT

related questions