A potentially dangerous Request.Path
Message
From: 01/09/2011 10:40:40
To: 01/09/2011 10:22:11
General information
Forum: ASP.NET
Category: Other
Environment versions
Environment: VB 9.0
OS: Windows 7
Network: Windows 2003 Server
Database: MS SQL Server
Application: Web
Miscellaneous
Thread ID: 01522446
Message ID: 01522470
Views: 30
>>Again, No.
>>As I read it, if you specify your own class derived from System.Web.Util.RequestValidator then you replace the default behaviour (which checks the RequestPathInvalidCharacters property) - although you could still call the base.IsValidRequestString() if it was useful.
>>
>>FWIW, unless you are yourself creating a request which would violate the default rules I'd leave well alone. If you *are* generating a genuine request that falls foul of the default then use the override to identify and allow it - otherwise just pass the validation operation to the base class.....
>
>Ok, I understand now.
>
>The goal here is to avoid having a situation like http://www.mydomain.com/& be logged in the Event Viewer, as this will mean fewer verifications to make.
>
>Thus, I am trying to see if I can adjust the framework to take care of that automatically, and simply redirect to the domain, such as http://www.mydomain.com.
>
>I understand I need to put that somewhere:
>
>
><ConfigurationPropertyAttribute("requestValidationType", DefaultValue := "System.Web.Util.RequestValidator")> _
><StringValidatorAttribute(MinLength := )> _
>Public Property RequestValidationType As String
>	Get
>	Set
>End Property 
>
>
>In it, I need to define my own class name to validate. Then, I need to set up the class such as:
>
>
>    Public Class CustomRequestValidation
>        Inherits RequestValidator
>
>        Public Sub New()
>        End Sub
>
>        Protected Overloads Overrides Function IsValidRequestString(ByVal context As HttpContext, ByVal value As String, _
>         ByVal requestValidationSource__1 As RequestValidationSource, ByVal collectionKey As String, _
>         ByRef validationFailureIndex As Integer) As Boolean
>
>            ' Set a default value for the out parameter
>            validationFailureIndex = -1
>
>            ' This application does not use RawUrl directly so you can ignore the check
>            If requestValidationSource__1 = RequestValidationSource.RawUrl Then
>                Return True
>            End If
>
>            ' Allow the query-string key data to have a value that is formatted like XML
>            If (requestValidationSource__1 = RequestValidationSource.QueryString) AndAlso (collectionKey = "data") Then
>
>                ' The query-string value "<example>1234</example>" is allowed
>                If value = "<example>1234</example>" Then
>                    validationFailureIndex = -1
>                    Return True
>                Else
>
>                    ' Leave any further checks to ASP.NET
>                    Return MyBase.IsValidRequestString(context, value, requestValidationSource__1, collectionKey, validationFailureIndex)
>
>                End If
>
>            Else
>
>                ' All other HTTP input checks are left to the base ASP.NET implementation.
>                Return MyBase.IsValidRequestString(context, value, requestValidationSource__1, collectionKey, validationFailureIndex)
>
>            End If
>
>        End Function
>
>    End Class
>
>
>...where all the code in it, up until the last Else, would be adjusted to verify for such possibility and redirect to the domain.
>
>This class can go in my Global.vb. However, I am not sure where to drop the RequestValidationType property section.

You can specify the replacement validation in web.config:
<configuration>
  <system.web>
    <httpRuntime requestValidationType = "{namespace}.CustomRequestValidation,{assemblyname}"/>
  </system.web>
</configuration>
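
The advice quoted above (identify and allow only the genuine request, pass everything else to the base class) as an added example, not code from this thread or from the ASP.NET documentation. The namespace `MyWebApp`, the class name `NarrowRequestValidator` and the rule for the `data` key are assumptions made for illustration; unlike the quoted sample, it does not return early for RawUrl.

```vbnet
Imports System
Imports System.Text.RegularExpressions
Imports System.Web
Imports System.Web.Util

' Registered in web.config with (names are hypothetical):
'   <httpRuntime requestValidationType="MyWebApp.NarrowRequestValidator, MyWebApp" />
Namespace MyWebApp

    Public Class NarrowRequestValidator
        Inherits RequestValidator

        ' Hypothetical rule: the "data" query-string key may carry exactly one
        ' <example> element holding 1 to 10 digits. \A and \z anchor the whole
        ' value, so nothing may precede or follow the element.
        Private Shared ReadOnly AllowedData As New Regex( _
            "\A<example>[0-9]{1,10}</example>\z", RegexOptions.CultureInvariant)

        Protected Overrides Function IsValidRequestString( _
                ByVal context As HttpContext, _
                ByVal value As String, _
                ByVal source As RequestValidationSource, _
                ByVal collectionKey As String, _
                ByRef validationFailureIndex As Integer) As Boolean

            ' -1 means "no failing character" for the accepted case below.
            validationFailureIndex = -1

            ' Loosen validation for one source, one key and one value shape only.
            If source = RequestValidationSource.QueryString _
               AndAlso String.Equals(collectionKey, "data", StringComparison.Ordinal) _
               AndAlso value IsNot Nothing _
               AndAlso AllowedData.IsMatch(value) Then
                Return True
            End If

            ' Every other input, RawUrl and Path included, keeps the default
            ' ASP.NET checks; the base class sets validationFailureIndex itself.
            Return MyBase.IsValidRequestString(context, value, source, _
                                               collectionKey, validationFailureIndex)
        End Function

    End Class

End Namespace
```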