Share via

Replicating ASP.NET Request Validation Behavior in .NET 8 for Automatic Input Validation ?

Kirankumar Bharsadiya 40 Reputation points
2024-09-17T11:42:05.3466667+00:00

In our current ASP.NET Framework 4.7.2 application, we utilize request validation to automatically check for potentially malicious input by setting requestValidationMode to 4.0 in the web.config file. This ensures that requests are validated for dangerous content whenever any request properties (like Request.Form, Request.QueryString, etc.) are accessed, offering built-in protection against XSS and other attacks.

However, in .NET 8, the requestValidationMode feature is no longer available, and we need to implement a similar validation mechanism manually using middleware or action filters. The challenge is that our current manual implementations don't provide the same automatic behavior—where validation happens each time, we access request properties.

Is there a recommended approach to replicate this exact behavior in .NET 8, where validation automatically occurs upon accessing request data (similar to how it worked in ASP.NET Framework)? How can we implement this in .NET 8 to ensure the same level of security and robustness as before?

.NET
.NET
Microsoft Technologies based on the .NET software framework.
3,808 questions
ASP.NET Core
ASP.NET Core
A set of technologies in the .NET Framework for building web applications and XML web services.
4,526 questions
ASP.NET
ASP.NET
A set of technologies in the .NET Framework for building web applications and XML web services.
3,459 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. SurferOnWww 2,661 Reputation points
    2024-09-17T12:23:51.4133333+00:00

    Can the following Microsoft document help?

    Prevent Cross-Site Scripting (XSS) in ASP.NET Core

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.