Level Extreme platform
Subscription
Corporate profile
Products & Services
Support
Legal
Français
A potentially dangerous Request.Path
Message
From
01/09/2011 15:15:23
Michel Fournier
Level Extreme Inc.
Petit-Rocher, New Brunswick, Canada
 
 
To
01/09/2011 14:15:08
Viv Phillips
Hay-On-Wye, United Kingdom
General information
Forum:
ASP.NET
Category:
Other
Title:
Re: A potentially dangerous Request.Path
Environment versions
Environment:
VB 9.0
OS:
Windows 7
Network:
Windows 2003 Server
Database:
MS SQL Server
Application:
Web
Miscellaneous
Thread ID:
01522446
Message ID:
01522527
Views:
22
Ok, here is the result.

It does go in the custom request validator. If I do a normal hit, one without the & character in the path, I can see it executes my code in there. The code is an Event Viewer logging. It does log 18 times the same entry however for one click. This is something I don't understand.

However, if I add the & at the end of the path, it does not execute my custom request validator. It seems IIS takes over the priority in such case and we have no way of intercepting that.

In your test, were you able to test:

http://localhost/MyDirectory
http://localhost/MyDirectory/&

Are those situations both going into your custom request validator? For me, only the first one goes.
Michel Fournier
Level Extreme Inc.
Designer, architect, owner of the Level Extreme Platform
Subscribe to the site at https://www.levelextreme.com/Home/DataEntry?Activator=55&NoStore=303
Subscription benefits https://www.levelextreme.com/Home/ViewPage?Activator=7&ID=52
Previous
Next
Reply
Map
View

Click here to load this message in the networking platform