- security error?
- Posted by Angel on August 26th, 2003
Please help!
I have Active Dir, Exchange and SQL 2000 on the same Win
2000 server machine. Installed CRM OK. Made security
service dependent as outlined in deployment guide. Created
an account in CRM and can browse around, but cannot save
anything. The error I am getting is:
Server Error in '/' Application.
-----------------------------------------------------------
---------------------
A potentially dangerous Request.Form value was detected
from the client
(crmFormSubmitXml="<activity><activityt...").
Description: Request Validation has detected a potentially
dangerous client input value, and processing of the
request has been aborted. This value may indicate an
attempt to compromise the security of your application,
such as a cross-site scripting attack. You can disable
request validation by setting validateRequest=false in the
Page directive or in the configuration section. However,
it is strongly recommended that your application
explicitly check all inputs in this case.
Exception Details:
System.Web.HttpRequestValidationException: A potentially
dangerous Request.Form value was detected from the client
(crmFormSubmitXml="<activity><activityt...").
Source Error:
An unhandled exception was generated during the execution
of the current web request. Information regarding the
origin and location of the exception can be identified
using the exception stack trace below.
Stack Trace:
[HttpRequestValidationException (0x80004005): A
potentially dangerous Request.Form value was detected from
the client (crmFormSubmitXml="<activity><activityt...").]
System.Web.HttpRequest.ValidateString(String s, String
valueName, String collectionName) +230
System.Web.HttpRequest.ValidateNameValueCollection
(NameValueCollection nvc, String collectionName) +99
System.Web.HttpRequest.get_Form() +121
System.Web.UI.Page.GetCollectionBasedOnMethod() +70
System.Web.UI.Page.DeterminePostBackMode() +47
System.Web.UI.Page.ProcessRequestMain() +2106
System.Web.UI.Page.ProcessRequest() +218
System.Web.UI.Page.ProcessRequest(HttpContext context)
+18
System.Web.CallHandlerExecutionStep.System.Web.Htt pApplicat
ion+IExecutionStep.Execute() +179
System.Web.HttpApplication.ExecuteStep(IExecutionS tep
step, Boolean& completedSynchronously) +87
-----------------------------------------------------------
---------------------
Version Information: Microsoft .NET Framework
Version:1.1.4322.535; ASP.NET Version:1.1.4322.535
- Posted by Matt Parks on August 26th, 2003
Angel,
CRM doesn't support the 1.1 .Net framework. You will need to backup to the
1.0 sp2 framework in order to get CRM to work. This may also require you to
re-install CRM afterwards, I'm not sure.
HTH,
Matt
"Angel" <angel@cnsi.ca> wrote in message
news:086301c36bed$590d7060$a001280a@phx.gbl...
Please help!
I have Active Dir, Exchange and SQL 2000 on the same Win
2000 server machine. Installed CRM OK. Made security
service dependent as outlined in deployment guide. Created
an account in CRM and can browse around, but cannot save
anything. The error I am getting is:
Server Error in '/' Application.
-----------------------------------------------------------
---------------------
A potentially dangerous Request.Form value was detected
from the client
(crmFormSubmitXml="<activity><activityt...").
Description: Request Validation has detected a potentially
dangerous client input value, and processing of the
request has been aborted. This value may indicate an
attempt to compromise the security of your application,
such as a cross-site scripting attack. You can disable
request validation by setting validateRequest=false in the
Page directive or in the configuration section. However,
it is strongly recommended that your application
explicitly check all inputs in this case.
Exception Details:
System.Web.HttpRequestValidationException: A potentially
dangerous Request.Form value was detected from the client
(crmFormSubmitXml="<activity><activityt...").
Source Error:
An unhandled exception was generated during the execution
of the current web request. Information regarding the
origin and location of the exception can be identified
using the exception stack trace below.
Stack Trace:
[HttpRequestValidationException (0x80004005): A
potentially dangerous Request.Form value was detected from
the client (crmFormSubmitXml="<activity><activityt...").]
System.Web.HttpRequest.ValidateString(String s, String
valueName, String collectionName) +230
System.Web.HttpRequest.ValidateNameValueCollection
(NameValueCollection nvc, String collectionName) +99
System.Web.HttpRequest.get_Form() +121
System.Web.UI.Page.GetCollectionBasedOnMethod() +70
System.Web.UI.Page.DeterminePostBackMode() +47
System.Web.UI.Page.ProcessRequestMain() +2106
System.Web.UI.Page.ProcessRequest() +218
System.Web.UI.Page.ProcessRequest(HttpContext context)
+18
System.Web.CallHandlerExecutionStep.System.Web.Htt pApplicat
ion+IExecutionStep.Execute() +179
System.Web.HttpApplication.ExecuteStep(IExecutionS tep
step, Boolean& completedSynchronously) +87
-----------------------------------------------------------
---------------------
Version Information: Microsoft .NET Framework
Version:1.1.4322.535; ASP.NET Version:1.1.4322.535
- Posted by Alex Polkhovsky on August 26th, 2003
Someone posted a workaround earlier:
Modify your web.config file. You need validateRequest="false" in the
<pages/> node.
Here is an example:
<system.web>
<compilation defaultLanguage="C#" debug="false"/>
<authentication mode="Windows"/>
<identity impersonate="true"/>
<pages buffer="true" enableSessionState="false"
enableViewState="false" validateRequest="false"/>
<sessionState mode="Off"/>
<customErrors mode="Off"/>
</system.web>
"Angel" <angel@cnsi.ca> wrote in message news:<086301c36bed$590d7060$a001280a@phx.gbl>...
- Posted by angel on August 27th, 2003
I rolled back to .net framework sp2 and reinstalled CRM
and it worked.
But I will prefer using .net framework 1.1 if possible...
