Form - HttpRequestValidationException

Welcome to our new AbleCommerce forums. As a guest, you may view the information here. To post to this forum, you must have a registered account with us, either as a new user evaluating AbleCommerce or an existing user of the application. For all questions related to the older version of Gold and earlier, please go to AbleCommerce Gold forum. Please use your AbleCommerce username and password to Login. New Registrations are disabled.

Notification

Error

Form - HttpRequestValidationException - Backend Admin Order Form Error

Options

Previous Topic Next Topic

ray22901031		#1 Posted : Wednesday, March 1, 2023 1:11:47 PM(UTC)
Rank: Advanced Member Groups: Authorized User, Developers Joined: 2/17/2019(UTC) Posts: 911 Thanks: 3 times Was thanked: 15 time(s) in 15 post(s)		Should I be concerned about this? This is the note that was added. Quote: James McFadden - Ship what you have and reduce the quantity on the order for PMLN7101 to 2. Thanks. Event code: 3003 Event message: A validation error has occurred. Event time: 3/1/2023 10:20:48 AM Event time (UTC): 3/1/2023 3:20:48 PM Event ID: f64230cfee364c4b994bf0d9c6aad0d7 Event sequence: 1197 Event occurrence: 1 Event detail code: 0 Application information: Application domain: /LM/W3SVC/2/ROOT-1-133221384229902797 Trust level: Full Application Virtual Path: / Application Path: C:\inetpub\wwwroot\myradiomall.com-9.0.7\ Machine name: WWS-DED40 Process information: Process ID: 5212 Process name: w3wp.exe Account name: IIS APPPOOL\www.myradiomall.com Exception information: Exception type: HttpRequestValidationException Exception message: A potentially dangerous Request.Form value was detected from the client (Comment="... McFadden <james.mcfadden@wayn..."). at System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection) at System.Web.HttpValueCollection.EnsureKeyValidated(String key) at System.Web.HttpValueCollection.GetValues(String name) at System.Web.Mvc.NameValueCollectionValueProvider.ValueProviderResultPlaceholder.GetResultFromCollection(String key, NameValueCollection collection, CultureInfo culture) at System.Web.Mvc.NameValueCollectionValueProvider.GetValue(String key, Boolean skipValidation) at System.Web.Mvc.ValueProviderCollection.GetValue(String key, Boolean skipValidation) at System.Web.Mvc.DefaultModelBinder.BindModel(ControllerContext controllerContext, ModelBindingContext bindingContext) at System.Web.Mvc.DefaultModelBinder.GetPropertyValue(ControllerContext controllerContext, ModelBindingContext bindingContext, PropertyDescriptor propertyDescriptor, IModelBinder propertyBinder) at System.Web.Mvc.DefaultModelBinder.BindProperty(ControllerContext controllerContext, ModelBindingContext bindingContext, PropertyDescriptor propertyDescriptor) at System.Web.Mvc.DefaultModelBinder.BindProperties(ControllerContext controllerContext, ModelBindingContext bindingContext) at System.Web.Mvc.DefaultModelBinder.BindComplexElementalModel(ControllerContext controllerContext, ModelBindingContext bindingContext, Object model) at System.Web.Mvc.DefaultModelBinder.BindComplexModel(ControllerContext controllerContext, ModelBindingContext bindingContext) at System.Web.Mvc.ControllerActionInvoker.GetParameterValue(ControllerContext controllerContext, ParameterDescriptor parameterDescriptor) at System.Web.Mvc.ControllerActionInvoker.GetParameterValues(ControllerContext controllerContext, ActionDescriptor actionDescriptor) at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass3_1.<BeginInvokeAction>b__0(AsyncCallback asyncCallback, Object asyncState) at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResultBase`1.Begin(AsyncCallback callback, Object state, Int32 timeout) at System.Web.Mvc.Async.AsyncControllerActionInvoker.BeginInvokeAction(ControllerContext controllerContext, String actionName, AsyncCallback callback, Object state) at System.Web.Mvc.Controller.<>c.<BeginExecuteCore>b__152_0(AsyncCallback asyncCallback, Object asyncState, ExecuteCoreState innerState) at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncVoid`1.CallBeginDelegate(AsyncCallback callback, Object callbackState) at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResultBase`1.Begin(AsyncCallback callback, Object state, Int32 timeout) at System.Web.Mvc.Controller.BeginExecuteCore(AsyncCallback callback, Object state) at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResultBase`1.Begin(AsyncCallback callback, Object state, Int32 timeout) at System.Web.Mvc.Controller.BeginExecute(RequestContext requestContext, AsyncCallback callback, Object state) at System.Web.Mvc.MvcHandler.<>c.<BeginProcessRequest>b__20_0(AsyncCallback asyncCallback, Object asyncState, ProcessRequestState innerState) at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncVoid`1.CallBeginDelegate(AsyncCallback callback, Object callbackState) at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResultBase`1.Begin(AsyncCallback callback, Object state, Int32 timeout) at System.Web.Mvc.MvcHandler.BeginProcessRequest(HttpContextBase httpContext, AsyncCallback callback, Object state) at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step) at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) Request information: Request URL: https://www.myradiomall.com:443/Admin/Orders/AddOrderNote Request path: /Admin/Orders/AddOrderNote User host address: 172.70.130.179 User: christian@arsradio.com Is authenticated: True Authentication Type: Forms Thread account name: IIS APPPOOL\www.myradiomall.com Thread information: Thread ID: 61 Thread account name: IIS APPPOOL\www.myradiomall.com Is impersonating: False Stack trace: at System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection) at System.Web.HttpValueCollection.EnsureKeyValidated(String key) at System.Web.HttpValueCollection.GetValues(String name) at System.Web.Mvc.NameValueCollectionValueProvider.ValueProviderResultPlaceholder.GetResultFromCollection(String key, NameValueCollection collection, CultureInfo culture) at System.Web.Mvc.NameValueCollectionValueProvider.GetValue(String key, Boolean skipValidation) at System.Web.Mvc.ValueProviderCollection.GetValue(String key, Boolean skipValidation) at System.Web.Mvc.DefaultModelBinder.BindModel(ControllerContext controllerContext, ModelBindingContext bindingContext) at System.Web.Mvc.DefaultModelBinder.GetPropertyValue(ControllerContext controllerContext, ModelBindingContext bindingContext, PropertyDescriptor propertyDescriptor, IModelBinder propertyBinder) at System.Web.Mvc.DefaultModelBinder.BindProperty(ControllerContext controllerContext, ModelBindingContext bindingContext, PropertyDescriptor propertyDescriptor) at System.Web.Mvc.DefaultModelBinder.BindProperties(ControllerContext controllerContext, ModelBindingContext bindingContext) at System.Web.Mvc.DefaultModelBinder.BindComplexElementalModel(ControllerContext controllerContext, ModelBindingContext bindingContext, Object model) at System.Web.Mvc.DefaultModelBinder.BindComplexModel(ControllerContext controllerContext, ModelBindingContext bindingContext) at System.Web.Mvc.ControllerActionInvoker.GetParameterValue(ControllerContext controllerContext, ParameterDescriptor parameterDescriptor) at System.Web.Mvc.ControllerActionInvoker.GetParameterValues(ControllerContext controllerContext, ActionDescriptor actionDescriptor) at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass3_1.<BeginInvokeAction>b__0(AsyncCallback asyncCallback, Object asyncState) at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResultBase`1.Begin(AsyncCallback callback, Object state, Int32 timeout) at System.Web.Mvc.Async.AsyncControllerActionInvoker.BeginInvokeAction(ControllerContext controllerContext, String actionName, AsyncCallback callback, Object state) at System.Web.Mvc.Controller.<>c.<BeginExecuteCore>b__152_0(AsyncCallback asyncCallback, Object asyncState, ExecuteCoreState innerState) at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncVoid`1.CallBeginDelegate(AsyncCallback callback, Object callbackState) at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResultBase`1.Begin(AsyncCallback callback, Object state, Int32 timeout) at System.Web.Mvc.Controller.BeginExecuteCore(AsyncCallback callback, Object state) at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResultBase`1.Begin(AsyncCallback callback, Object state, Int32 timeout) at System.Web.Mvc.Controller.BeginExecute(RequestContext requestContext, AsyncCallback callback, Object state) at System.Web.Mvc.MvcHandler.<>c.<BeginProcessRequest>b__20_0(AsyncCallback asyncCallback, Object asyncState, ProcessRequestState innerState) at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncVoid`1.CallBeginDelegate(AsyncCallback callback, Object callbackState) at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResultBase`1.Begin(AsyncCallback callback, Object state, Int32 timeout) at System.Web.Mvc.MvcHandler.BeginProcessRequest(HttpContextBase httpContext, AsyncCallback callback, Object state) at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step) at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) Custom event details:


User Profile View All Posts by User View Thanks


	Wanna join the discussion?! Login to your AbleCommerce Forums forum account. New Registrations are disabled.

nadeem		#2 Posted : Thursday, March 2, 2023 8:49:23 AM(UTC)
Rank: Advanced Member Groups: Administrators, Developers, Registered, HelpDesk, Authorized User, Admin Joined: 10/11/2018(UTC) Posts: 110 Thanks: 19 times Was thanked: 18 time(s) in 18 post(s)		Hi Ray, This error will be registered in event log if you try to add HTML in the comments like this: <p>James McFadden - Ship what you have and reduce the quantity on the order for PMLN7101 to 2. Thanks</p> The message will not be posted if you insert the HTML in the note text area. So this isn't the valid scenario. You can add the HTML if this is an HTML editor. Hope this helps! Edited by user Thursday, March 2, 2023 8:51:12 AM(UTC) \| Reason: Not specified


User Profile View All Posts by User View Thanks

ray22901031		#3 Posted : Thursday, March 2, 2023 9:02:01 AM(UTC)
Rank: Advanced Member Groups: Authorized User, Developers Joined: 2/17/2019(UTC) Posts: 911 Thanks: 3 times Was thanked: 15 time(s) in 15 post(s)		Hello nadeem, I believe you are missing the boat; no one entered any HTML information. A note was added by one of my sales associates using the admin area in orders. Furthermore, please see the new error message below. This is a new server, so is there anything that could be off at the new server? Thanks, -Ray Event code: 3005 Event message: An unhandled exception has occurred. Event time: 3/1/2023 6:42:13 PM Event time (UTC): 3/1/2023 11:42:13 PM Event ID: 904f5742744843ea9289b94dee9d8f6e Event sequence: 4834 Event occurrence: 1 Event detail code: 0 Application information: Application domain: /LM/W3SVC/2/ROOT-1-133221384229902797 Trust level: Full Application Virtual Path: / Application Path: C:\inetpub\wwwroot\myradiomall.com-9.0.7\ Machine name: WWS-DED40 Process information: Process ID: 5212 Process name: w3wp.exe Account name: IIS APPPOOL\www.myradiomall.com Exception information: Exception type: HttpException Exception message: Exception of type 'System.Web.HttpException' was thrown. at System.Web.Handlers.TraceHandler.System.Web.IHttpHandler.ProcessRequest(HttpContext context) at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step) at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) Request information: Request URL: https://www1.myradiomall.com:443/Trace.axd Request path: /Trace.axd User host address: 167.172.96.177 User: Is authenticated: False Authentication Type: Thread account name: IIS APPPOOL\www.myradiomall.com Thread information: Thread ID: 43 Thread account name: IIS APPPOOL\www.myradiomall.com Is impersonating: False Stack trace: at System.Web.Handlers.TraceHandler.System.Web.IHttpHandler.ProcessRequest(HttpContext context) at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step) at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) Custom event details:


User Profile View All Posts by User View Thanks

nadeem		#4 Posted : Thursday, March 2, 2023 9:15:04 AM(UTC)
Rank: Advanced Member Groups: Administrators, Developers, Registered, HelpDesk, Authorized User, Admin Joined: 10/11/2018(UTC) Posts: 110 Thanks: 19 times Was thanked: 18 time(s) in 18 post(s)		Quote: believe you are missing the boat; no one entered any HTML information. A note was added by one of my sales associates using the admin area in orders. I was able to reproduce the same warning in event logs (Windows logs -> Application) while putting the HTML in order note from merchant admin. Quote: Furthermore, please see the new error message below. This is a new server, so is there anything that could be off at the new server? Ok, will check if I can find something based on the new error message.


User Profile View All Posts by User View Thanks

ray22901031		#5 Posted : Thursday, March 2, 2023 9:27:20 AM(UTC)
Rank: Advanced Member Groups: Authorized User, Developers Joined: 2/17/2019(UTC) Posts: 911 Thanks: 3 times Was thanked: 15 time(s) in 15 post(s)		Quote: I was able to reproduce the same warning in event logs (Windows logs -> Application) while putting the HTML in order note from merchant admin. Again, no one put any HTML code in the order notes area. My people have no idea what HTML is. Thanks


User Profile View All Posts by User View Thanks

nadeem		#6 Posted : Thursday, March 2, 2023 9:48:24 AM(UTC)
Rank: Advanced Member Groups: Administrators, Developers, Registered, HelpDesk, Authorized User, Admin Joined: 10/11/2018(UTC) Posts: 110 Thanks: 19 times Was thanked: 18 time(s) in 18 post(s)		Ok, this could be the IIS configuration issue then. I am sure you have the .Net framework 4.8 installed. Do you have proper permissions set to the application pool? Also, make sure the application pool is using .Net 4.5 (Integrated). You can compare the IIS configurations with the old server to make sure nothing is missing. Also try removing Temporary ASP.NET files and restarting the application pool. If nothing works, you can try adding the requestValidationMode="2.0" attribute inside <httpRuntime in the web.config e.g. <httpRuntime targetFramework="4.8" maxRequestLength="20480" requestValidationMode="2.0" /> Edited by user Thursday, March 2, 2023 9:55:34 AM(UTC) \| Reason: Not specified


User Profile View All Posts by User View Thanks

ray22901031		#7 Posted : Thursday, March 2, 2023 10:00:15 AM(UTC)
Rank: Advanced Member Groups: Authorized User, Developers Joined: 2/17/2019(UTC) Posts: 911 Thanks: 3 times Was thanked: 15 time(s) in 15 post(s)		I appreciate your interest in this matter. Yes, obviously, the system is running framework 4.8. The app pool is set to integrated, but does not list any other information. How can you tell if it's .Net 4.5 as specified in your message? The old system was also set to integrated, but made no reference to 4.5. Thanks


User Profile View All Posts by User View Thanks

nadeem		#8 Posted : Thursday, March 2, 2023 10:06:50 AM(UTC)
Rank: Advanced Member Groups: Administrators, Developers, Registered, HelpDesk, Authorized User, Admin Joined: 10/11/2018(UTC) Posts: 110 Thanks: 19 times Was thanked: 18 time(s) in 18 post(s)		Quote: The app pool is set to integrated, but does not list any other information. How can you tell if it's .Net 4.5 as specified in your message? Click on Application Pools in IIS, on the right side pane you will see the details.


User Profile View All Posts by User View Thanks

ray22901031		#9 Posted : Thursday, March 2, 2023 10:10:02 AM(UTC)
Rank: Advanced Member Groups: Authorized User, Developers Joined: 2/17/2019(UTC) Posts: 911 Thanks: 3 times Was thanked: 15 time(s) in 15 post(s)		There is no mention of 4.5, only 4.0 integrated. This was the same in the old server, and this is the same in all my development servers. Please point in your instructions where the 4.5 integrated App Pool is recommended or mandatory. I have been running the system on 4.0 integrated for the last 1.5 years. Thanks


User Profile View All Posts by User View Thanks

nadeem		#10 Posted : Friday, March 3, 2023 5:41:44 AM(UTC)
Rank: Advanced Member Groups: Administrators, Developers, Registered, HelpDesk, Authorized User, Admin Joined: 10/11/2018(UTC) Posts: 110 Thanks: 19 times Was thanked: 18 time(s) in 18 post(s)		Quote: Please point in your instructions where the 4.5 integrated App Pool is recommended or mandatory. The .NET 4.5,4.6,4.7,4.8 are actually the in-place replacements for .NET 4.0. That being said, these all are using same .NET CLR Version (v4.0). So if you have .NET 4.0 set to your App pool, then that should be correct and work as expected. By the way, you can enable .Net framework versions from IIS Manager. See screenshot attached from my PC (windows 10 turn windows features on/off). trun-on-www-features.GIF (8kb) downloaded 0 time(s).


User Profile View All Posts by User View Thanks

ray22901031		#11 Posted : Friday, March 3, 2023 7:15:36 AM(UTC)
Rank: Advanced Member Groups: Authorized User, Developers Joined: 2/17/2019(UTC) Posts: 911 Thanks: 3 times Was thanked: 15 time(s) in 15 post(s)		I figured as much after doing some research on the Microsoft website. The in-place replacements are built into Server 2019, so my settings are correct. Please tell me if you find any additional information on the problems I am describing. I appreciate your explanation. Thanks, -Ray


User Profile View All Posts by User View Thanks

judy e		#12 Posted : Friday, March 3, 2023 8:20:02 AM(UTC)
Rank: Advanced Member Groups: Developers Joined: 11/7/2018(UTC) Posts: 312 Thanks: 21 times Was thanked: 6 time(s) in 6 post(s)		Ray, are you sure your employee didn't copy the user name from somewhere there was an email address hidden, like a link or the from address in an email? The error log is showing that someone did try to enter an email address. McFadden <james.mcfadden@wayn


User Profile View All Posts by User View Thanks

ray22901031		#13 Posted : Friday, March 3, 2023 8:25:33 AM(UTC)
Rank: Advanced Member Groups: Authorized User, Developers Joined: 2/17/2019(UTC) Posts: 911 Thanks: 3 times Was thanked: 15 time(s) in 15 post(s)		That is a good point and I will ask when I get to the office. But according to support it would not have been posted and it was. What is interesting about this, this error never showed up on the AbleCommerce error logs, only on the windows logs. Go figure. As you know, we just moved from a 2016 server with problems to a brand new 2019, so I might be oversensitive looking at things. Appreciate the feedback and we'll let you know. Thanks, -Ray


User Profile View All Posts by User View Thanks

Users browsing this topic
Guest (5)

Forum Jump

You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.

Privacy Policy | Powered by YAF.NET 2.2.4.14 | YAF.NET © 2003-2025, Yet Another Forum.NET
This page was generated in 0.267 seconds.

Important Information: The AbleCommerce Forums uses cookies. By continuing to browse this site, you are agreeing to our use of cookies. More Details Close