iis smtp nntp:
[quoted text, click to view] Davis wrote:
> When I try to log in remotely to either a client or server, I get a "Page
> Not Found," error UNLESS I check the "I'm using a public or shared
> computer," box. Whether pcTpye=clients or servers does not matter. I have
> tried cleaning out cookies (as there's some evidence of a cookie issue in
> the error message), but that did not help.
>
> In the Application Viewer is the error message, below.
>
> Ideas?
>
> ==========================
> Event Type: Error
> Event Source: SBS.RWW
> Event Category: None
> Event ID: 0
> Date: 05-Oct-05
> Time: 22:31:18
> User: N/A
> Computer: SRVRDC01
> Description:
> The following fatal error occurred in the Remote Web Workplace application:
> URL: https://<mywebsite>/Remote/selectpc.aspx?pcType=clients
> Error Message: A potentially dangerous Request.Cookies value was detected
> from the client
> (Microsoft.Sharepoint.AcceptHeaders="...&pps=TRUE&one=FALSE&mpp=FALSE").
> Stack Trace: at System.Web.HttpRequest.ValidateString(String s, String
> valueName, String collectionName)
> at System.Web.HttpRequest.ValidateCookieCollection(HttpCookieCollection
> cc)
> at System.Web.HttpRequest.get_Cookies()
> at remote.selectpc.Page_Load(Object sender, EventArgs e)
> at System.Web.UI.Control.OnLoad(EventArgs e)
> at System.Web.UI.Control.LoadRecursive()
> at System.Web.UI.Page.ProcessRequestMain()
> at System.Web.UI.Page.ProcessRequest()
> at System.Web.UI.Page.ProcessRequest(HttpContext context)
> at
> System.Web.CallHandlerExecutionStep.System.Web.HttpApplication+IExecutionStep.Execute()
> at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
> completedSynchronously)
>
> ================
> Rob
I found the following information,
maybe you should look at the string that is send from the client,
if it is using any of this character pairs.(guess it will not be send if
you choos "public computer".
this is a security feature designed to prevent script from being
submitted with an HTML form. Although none of the base 64 characters are
invalid in a cookie value, there are combinations that are not
acceptable, including:
<{a-z}
<!
expression(
on{a-z}*=
&#
script{space}*.
If the HttpRequestValidationException is being raised, then the only way
to work around it is to disable request validation for the pages using
those cookies. However, if you disable request validation, it is very
important that you perform your own validation of any input accepted
from the user. The request validation feature, which was introduced in
ASP.NET 1.1, is designed to be a first line of defense against
cross-site scripting attacks. Without such validation, your application
could be vulnerable to such attacks.
more infor about this feature can be found here :
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/paght000004.asp
hope this helps
gr /\/\o\/\/
