This is a follow up to my post back in August: http://stackoverflow.com/questions/1225042/asks-for-ad-credentials-connection-interrupted-on-postback
The issue popped up again for a new record and I have determined that the offending text is "... Sharepoint site[semi-colon] update team schedule ...". Notice that "[semi-colon] update team"? It's perfectly valid, not SQL injection. Change it to a comma, it submits no problem. Change the "update" to another SQL keyword, the user gets prompted for their credentials (which are always rejected) and then displays the IIS 401.1 page.
Yes, you need to replace the [semi-colon] with the character, because SO won't let me post.
In the @Page
, I have ValidateRequest="false"
(yes, the contents from the textboxes are going through HttpUtility.HtmlEncode
as parameterized input to a stored procedure)
Any ideas?