In this article I will explain, how to make solve the problem of ValidateRequest = 'false' not working in .Net 4.0 and 4.5 in ASP.Net.
ValidateRequest = 'false' is used to supress the exception: A potentially dangerous Request.Form value was detected from the client in ASP.Net and allow posting scripts and HTML content in ASP.Net.
The ValidateRequest property is a .Net 2.0 and .Net 3.5 property and hence in order to work on .Net 4.0 and .Net 4.5 an additional property is needed.
Using ValidateRequest property in ASP.Net
On some occasions, due to requirement one has to POST HTML content. Example using Rich Text Editors such as TinyMCE, HtmlEditorExtender, etc.
For such cases the above exception can be suppressed by setting the ValidateRequest to FALSE in the following ways.
1. At Page level using @Page Directive [RECOMMENDED]
The ValidateRequest setting can be set to FALSE in the @Page Directive. Disabling the ValidateRequest setting in @Page Directive will disable it only for the specific Page.
This will disable the validation of requests for the page you have set the ValidateRequest setting to FALSE.
<%@ Page Language="C#" AutoEventWireup="true" ValidateRequest="false" %>
2. In Web.Config
The ValidateRequest setting can be disabled for complete application by setting it to FALSE in the System.Web section of Web.Config as shown below.
<pages validateRequest="false" />
Making ValidateRequest property work in .Net 4.0 and .Net 4.5
For .Net 4.0 and 4.5 frameworks, the following setting also needs to be added along with the above setting in the System.Web section of Web.Config.
<httpRuntime requestValidationMode="2.0" />