Export (0) Print
Expand All
This topic has not yet been rated - Rate this topic

RequestValidationSource Enumeration

Specifies what kind of HTTP request data to validate.

Namespace:  System.Web.Util
Assembly:  System.Web (in System.Web.dll)
public enum RequestValidationSource
Member nameDescription
CookiesThe request cookies.

The collectionKey parameter of the IsValidRequestString method is set to the name of the cookie in the collection.

The value parameter of the IsValidRequestString method is set to the value in the collection.

FilesThe uploaded file.

The collectionKey parameter of the IsValidRequestString method is set to the name of the uploaded file in the collection.

The value parameter of the IsValidRequestString method is set to the value of the uploaded file in the collection.

FormThe form values.

The collectionKey parameter of the IsValidRequestString method is set to the name of the form parameter in the collection.

The value parameter of the IsValidRequestString method is set to the value of the form parameter in the collection.

HeadersThe request headers.

The collectionKey parameter of the IsValidRequestString method is set to the name of an HTTP header in the collection.

The value parameter of the IsValidRequestString method is set to the value of the HTTP header in the collection.

PathThe virtual path.

The collectionKey parameter of the IsValidRequestString method is set to null (Path is not a collection of values).

The value parameter of the IsValidRequestString method is set to the value of the Path field.

PathInfoAn HTTP PathInfo string, which is an extension to a URL path.

The collectionKey parameter of the IsValidRequestString method is set to null (PathInfo is not a collection of values).

The value parameter of the IsValidRequestString method is set to the value of the PathInfo field.

QueryStringThe query string.

The collectionKey parameter of the IsValidRequestString method is set to the name of the query string parameter in the collection.

The value parameter of the IsValidRequestString method is set to the value of the query-string parameter in the collection.

RawUrlThe raw URL. (The part of a URL after the domain.)

The collectionKey parameter of the IsValidRequestString method is set to null. (RawUrl is not a collection of values.)

The value parameter of the IsValidRequestString method is set to the value of the RawUrl field.

You can create a custom request validation type by implementing the RequestValidator type. When ASP.NET calls the IsValidRequestString method to validate a request, ASP.NET passes a requestValidationSource parameter to specify the source of the data being validated. The RequestValidationSource enumeration is used to specify the source or kind of request data that is being validated. The enumeration indicates the type of HTTP input that is passed in the value parameter of the IsValidRequestString method. You can use the enumeration as a way to fall back to the base request validation implementation for HTTP inputs if you do not want to validate using custom logic.

The following example shows how to create a custom request validator class that allows only a specific string for query-string values.

[Visual Basic]

Imports System
Imports System.Web
Imports System.Web.Util

Public Class CustomRequestValidation
    Inherits RequestValidator

Public Sub New()
End Sub

Protected Overloads Overrides Function IsValidRequestString( _
        ByVal context As HttpContext, _
        ByVal value As String, _
        ByVal requestValidationSource__1 As RequestValidationSource, _
        ByVal collectionKey As String, _
        ByRef validationFailureIndex As Integer) As Boolean
    validationFailureIndex = -1
    ' Set a default value for the out parameter.
    ' This application does not use RawUrl directly, so you can 
    ' ignore the check for RequestValidationSource.RawUrl.
    If requestValidationSource = RequestValidationSource.RawUrl Then
        Return True
    End If
    
    ' Allow the query-string key "data" to have an XML-like value.
    If (requestValidationSource = _
            (RequestValidationSource.QueryString) AndAlso _
            (collectionKey = "data") Then
        ' The querystring value "<example>1234</example>" is allowed.
        If value = "<example>1234</example>" Then
            validationFailureIndex = -1
            Return True
        Else
            ' Leave any further checks to ASP.NET.
            Return MyBase.IsValidRequestString(context, value, _
                requestValidationSource__1, collectionKey, _
                validationFailureIndex)
        End If
    Else
        ' All other HTTP input checks fall back to 
        ' the base ASP.NET implementation.
        Return MyBase.IsValidRequestString(context, value, _
            requestValidationSource__1, collectionKey, _
            validationFailureIndex)
    End If
End Function
End Class

[C#]

using System;
using System.Web;
using System.Web.Util;

public class CustomRequestValidation : RequestValidator
{
    public CustomRequestValidation() {}

    protected override bool IsValidRequestString(
        HttpContext context, string value, 
        RequestValidationSource requestValidationSource, string collectionKey, 
        out int validationFailureIndex)
    {
        //Set a default value for the out parameter.
        validationFailureIndex = -1;

        // This application does not use RawUrl directly, 
        // so you can ignore the check for RequestValidationSource.RawUrl.
        if (requestValidationSource == RequestValidationSource.RawUrl)
            return true;

        // Allow the query-string key "data" to have an XML-like value.
        if (
            (requestValidationSource == RequestValidationSource.QueryString) &&
            (collectionKey == "data")
           )
        {
            // The querystring value "<example>1234</example>" is allowed.
            if (value == "<example>1234</example>")
            {
                validationFailureIndex = -1;
                return true;
            }
            else
           // Leave any further checks to ASP.NET.
                return base.IsValidRequestString(context, value, 
                requestValidationSource, collectionKey, out 
                validationFailureIndex);
        }
        // All other HTTP input checks fall back to 
        // the base ASP.NET implementation.
        else
        {
            return base.IsValidRequestString(context, value, 
                requestValidationSource, collectionKey, 
                out validationFailureIndex);
        }
    }
}

The following example shows how to configure ASP.NET to use the custom validator.

<httpRuntime requestValidationType="CustomRequestValidation" />

.NET Framework

Supported in: 4.5.1, 4.5, 4

Windows Phone 8.1, Windows Phone 8, Windows 8.1, Windows Server 2012 R2, Windows 8, Windows Server 2012, Windows 7, Windows Vista SP2, Windows Server 2008 (Server Core Role not supported), Windows Server 2008 R2 (Server Core Role supported with SP1 or later; Itanium not supported)

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft. All rights reserved.