RequestValidator Class
Defines base methods for custom request validation.
Assembly: System.Web (in System.Web.dll)
The RequestValidator type exposes the following members.
| Name | Description | |
|---|---|---|
![]() | Equals(Object) | Determines whether the specified Object is equal to the current Object. (Inherited from Object.) |
![]() | Finalize | Allows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection. (Inherited from Object.) |
![]() | GetHashCode | Serves as a hash function for a particular type. (Inherited from Object.) |
![]() | GetType | Gets the Type of the current instance. (Inherited from Object.) |
![]() | IsValidRequestString | Validates a string that contains HTTP request data. |
![]() | MemberwiseClone | Creates a shallow copy of the current Object. (Inherited from Object.) |
![]() | ToString | Returns a string that represents the current object. (Inherited from Object.) |
By default, ASP.NET does not validate requests until code explicitly requests a value from the request. For example, ASP.NET does not validate query-string values until code accesses the QueryString collection. By default, ASP.NET also does not validate some types of request data, such as form values, cookies, the names of files that have been uploaded using HTTP, and the value of the RawUrl property.
The RequestValidator class is a base class that you can implement in order to provide custom request validation. By implementing this class, you can determine when validation occurs and what type of request data to perform validation on.
By default, ASP.NET provides cross-site scripting (XSS) checks. However, you can supplement or replace the request validation logic that is provided in ASP.NET by creating a custom implementation of the XSS. For example, you can write a custom request validation implementation that scans for SQL injection attacks in addition to checking for XSS attacks.
To create custom request validation, you write a custom class that derives from the RequestValidator base class. You then configure ASP.NET to use the custom request validator in the application-level Web.config file. You can put the custom class in the App_Code folder, in a compiled class library in the Bin folder, or in a compiled class library in the GAC.
Note |
|---|
Only one custom request validation type can be configured for an application. It is not possible to configure a different request validation type for individual virtual paths or pages. |
The following example shows how to create a custom request validator that allows only a specific string to be used for query-string values.
The following example shows how to configure ASP.NET to use the custom validator in the Web.config file for an application.
<system.web> <httpRuntime requestValidationType="CustomRequestValidation" /> </system.web>
Windows 7, Windows Vista SP1 or later, Windows XP SP3, Windows Server 2008 (Server Core not supported), Windows Server 2008 R2 (Server Core supported with SP1 or later), Windows Server 2003 SP2
The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.




Note