I get the Error:
A potentially dangerous Request.Form value was detected from the
client (wresult=”
I’ve used WIF in my .NET 4.0 website, and use
<httpRuntime requestValidationType="Namespace.FederatedRequestValidator"/>
which allows me to deal with the validation, and have no issues.
I now want to use WIF in my .NET 3.5 application in VS 2008, but the above config is not valid, and .NET 3.5 doesn’t seem to have System.Web.Util.FederatedRequestValidator
How can I get around this error, preferable without turning validation off.
If I need to turn validation off, whats the best way to achieve this in VS 2008 .NET 3.5?
I ended up creating a sign in .aspx page which is a ‘middle man’ between the replying party and the STS. Call that page, and pull any extra parameters from the URL and then redirect to the STS with the sign in page .aspx as a return url.
I then made it that that page, and only that page ignored validation, which isn’t a problem since that page does nothing but call and return from the STS.