Validation request in .Net 1.1

I think this can be useful for everybody who can have this problem with .Net 1.1.

I break a little project I run on one of my servers, just by installing .Net 1.1 instead of the 1.0, because this happened.

I generated a database of usernames and password to provide an access for a vote section in this project.

What I didn't know with .Net 1.1, is that the team added a new feature about request validation.

So now if your user submit some specific characters like the one which can be interpreted as script functions, and submit the form, you might finish with a superb new error message like this :

A potentially dangerous Request.form value was detected from the client.

I am not complaining about this, I think it's a great security feature.

Unfortunatly my password list contains some characters interpreted as tags part like < or >.

However, the solution provided to this issue don't make me fully happy.

What you can do is to disable this new feature by adding this in your Page directive line:

 <%@ Page validateRequest="false"  % >

Or for the entire application in the Config file:

 < CONFIGURATION >
   < SYSTEM.WEB>
     < PAGES validateRequest="false" />
   < /SYSTEM.WEB>
 < /CONFIGURATION>

What is also suggested is if you disable the function, you must encode your string using Server.HtmlEncode(yourstring)

That's sound fab, but what if I want to keep the validation feature, not by default active for my application, but just when I need it ?

In this case it could be a neat stuff, and obviously I would like to use it, but there I am forced to disable it, because I don't have the time allocated to change the Page directives of all the aspx files, enable or disable which page I want to use this function.

For more details, you can read this article here.