Home > ASP.NET > Creating a more decent custom request validation

Creating a more decent custom request validation

As a follow up to https://jefferytay.wordpress.com/2010/04/15/creating-your-own-custom-request-validation/. Usually the time when you want to disable request validation is during form post and nothing else.

Using the provided code, it actually bypasses ALL validation, which may not be such a good idea.

In order to bypass only for form post, or to do your own request validation per type, use the code segment below

protected override bool IsValidRequestString(HttpContext context, string value, RequestValidationSource requestValidationSource, string collectionKey, out int validationFailureIndex)
           switch (requestValidationSource)
               case RequestValidationSource.Cookies:
               case RequestValidationSource.Files:
               case RequestValidationSource.Headers:
               case RequestValidationSource.Path:
               case RequestValidationSource.PathInfo:
               case RequestValidationSource.QueryString:
               case RequestValidationSource.RawUrl:
                   return base.IsValidRequestString(context, value, requestValidationSource, collectionKey, out validationFailureIndex);
               case RequestValidationSource.Form:
                   //only form post data is exempt from the checks
                   validationFailureIndex = 0;
                   return true;

Just add your own checks in each of the RequestValidationSource as you deem fit. The code segment above, basically bypasses all form posts checks and uses the default check for the rest of the types

Categories: ASP.NET
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: