
I am working on an ASP.NET MVC4 project (IIS 7). To prevent the "Potentially dangerous request" message I added the line `<httpRuntime requestValidationMode="2.0" />` to the web.config file. It did prevent the message, but another thing occurred: the URL suddenly became case sensitive. When I remove this line the URL goes back to not being case sensitive, but the message comes back.

Does someone know how I can enjoy both advantages?

Thanks a lot!

EDIT: Well, I found that the difference is that when I add this line the auth cookies (fedAuth) are different, and for some reason the new cookies have an expiry date and are case sensitive. I still can't understand the reason for the difference or how to prevent it.

neriag
  • [edit] your post with your `httpRuntime` node configuration. You may also have missed something in your route configuration; you should maybe add it. Using ``, I have never witnessed such a behavior. (Match remains case insensitive.) And you have probably changed something else for removing that "security" feature; include it in your question (like ``). – Frédéric Mar 17 '16 at 08:01
  • This is my whole node. I have only that attribute in the httpRuntime. And I didn't change anything else. Do you think that one of the attributes that you added is the reason? I'll try and keep you updated. – neriag Mar 17 '16 at 08:09
  • The `httpRuntime` node is not enough for [disabling request validation](/a/9078107/1178314), that is why I guess you should have changed something else. Anyway, your question does not provide enough facts to understand why you have such an issue, which I have never witnessed. You should probably provide more information as asked in my previous comment. This may help others to see what is going wrong in your case. – Frédéric Mar 17 '16 at 08:14
  • Could you help me with which details I should add? I'm a little bit confused. As you can see, I'm not so comfortable with web.config. – neriag Mar 17 '16 at 08:34

1 Answer


I have searched a bit for how MVC on IIS could turn case sensitive; it looks like this is almost not even supposed to be supported. You likely have some custom code that goes wrong.

This could be some hack / bad logic in your routes configuration (by default located in `App_Start/RouteConfig.cs`). Or some bad code in your action filters, `Controller.OnActionExecuting` overrides, or even directly in your actions' implementation.

You may also have URL Rewrite installed and badly set up. Check some examples here.

Frédéric