ASP.NET ValidateRequest & XML in Standard HTML Forms

Question

I have a very basic ASP.NET web site. It has a single page (TestPage.aspx) that I want to be able to launch using a POST request with some XML input. The basic HTML page that launches the request looks like this:

<html>
<head>
</head>
<body>
    <form action="http://webserver/TestPage.aspx" name="Launch" method="post">
        <input type="hidden" name="XMLmsg" value="<initialize>...</initialize>">
        <input type="submit" value="Submit">
    </form>
</body>
</html>

When the TestPage launches, however, I get the easily 'Google-able' "A potentially dangerous Request.Form value was detected from the client" error message.

It seems like the solution would be to put ValidateRequest="false" into my TestPage.aspx file, right? I thought so, too. And the internet told me the same thing. The only problem is...that didn't change anything. I still get the error.

I really need to be able to parse this XML. What can I do?

Answer 1

Well, I finally managed to get a solution to my problem, even if it's not perfect.

You can follow this link to a forum post where the whole process is tracked. The gist of it is that even added the necessary attributes didn't stop ASP.NET from validating requests from a standard HTML page, so I had to resort to writing a CGI app to accept the request and parse the inputs before sending back the necessary response.

For information on writing CGI for ASP.NET you can go here.

Is it optimal? No. Is it clean? Not exactly. Does it work? Yes.