views:

167

answers:

1

I'm trying to send a string of XML as part of the query string. Normally I'd POST this XML but I'm sending it to a 3rd party system that I can't POST stuff to.

So, as it goes, I need the 3rd party system to request the services of one of the pages in my system. (explanation: the 3rd party system produces PDFs of my web pages. I give it a URL to my page, and it PDF's that page. So, the XML file contains data that I need to generate the page)

Anyway, I'm getting my query string as follows:

string data = Server.UrlEncode(xmlSnippet.ToString());

string sFullUrl = urlString + "?data=" + data;

I give the 3rd pary system this URL, and it calls my page.. except the request doesn't reach the page. It's failing into the Application_Error handler with this message:

"A potentially dangerous Request.QueryString value was detected from the client (data=[my XML data])"

As I know the data I'm sending is safe, is there any way I can make this work?

Thanks

+1  A: 

You need to disable Request Validation.

This is a hopelessly broken and ineffective “anti-cross-site-scripting” feature which, very regrettably, is turned on by default in ASP.NET. It will block access for any request containing incoming data that looks like a tag.

bobince
DaveDev