|
Home > Archive > IIS and SMTP > October 2005 > SBS.RWW Error
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
|
|
|
| When I try to log in remotely to either a client or server, I get a "Page
Not Found," error UNLESS I check the "I'm using a public or shared
computer," box. Whether pcTpye=clients or servers does not matter. I have
tried cleaning out cookies (as there's some evidence of a cookie issue in
the error message), but that did not help.
In the Application Viewer is the error message, below.
Ideas?
==========================
Event Type: Error
Event Source: SBS.RWW
Event Category: None
Event ID: 0
Date: 05-Oct-05
Time: 22:31:18
User: N/A
Computer: SRVRDC01
Description:
The following fatal error occurred in the Remote Web Workplace application:
URL: https://<mywebsite>/Remote/selectpc.aspx?pcType=clients
Error Message: A potentially dangerous Request.Cookies value was detected
from the client
(Microsoft.Sharepoint.AcceptHeaders="...&pps=TRUE&one=FALSE&mpp=FALSE").
Stack Trace: at System.Web.HttpRequest.ValidateString(String s, String
valueName, String collectionName)
at System.Web.HttpRequest. ValidateCookieCollection(HttpCookieColle
ction
cc)
at System.Web.HttpRequest.get_Cookies()
at remote.selectpc.Page_Load(Object sender, EventArgs e)
at System.Web.UI.Control.OnLoad(EventArgs e)
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Page.ProcessRequestMain()
at System.Web.UI.Page.ProcessRequest()
at System.Web.UI.Page.ProcessRequest(HttpContext context)
at
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication+IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
completedSynchronously)
================
Rob
| |
| /\\/\\o\\/\\/ 2005-10-09, 7:48 am |
| Davis wrote:
> When I try to log in remotely to either a client or server, I get a "Page
> Not Found," error UNLESS I check the "I'm using a public or shared
> computer," box. Whether pcTpye=clients or servers does not matter. I have
> tried cleaning out cookies (as there's some evidence of a cookie issue in
> the error message), but that did not help.
>
> In the Application Viewer is the error message, below.
>
> Ideas?
>
> ==========================
> Event Type: Error
> Event Source: SBS.RWW
> Event Category: None
> Event ID: 0
> Date: 05-Oct-05
> Time: 22:31:18
> User: N/A
> Computer: SRVRDC01
> Description:
> The following fatal error occurred in the Remote Web Workplace application:
> URL: https://<mywebsite>/Remote/selectpc.aspx?pcType=clients
> Error Message: A potentially dangerous Request.Cookies value was detected
> from the client
> (Microsoft.Sharepoint.AcceptHeaders="...&pps=TRUE&one=FALSE&mpp=FALSE").
> Stack Trace: at System.Web.HttpRequest.ValidateString(String s, String
> valueName, String collectionName)
> at System.Web.HttpRequest. ValidateCookieCollection(HttpCookieColle
ction
> cc)
> at System.Web.HttpRequest.get_Cookies()
> at remote.selectpc.Page_Load(Object sender, EventArgs e)
> at System.Web.UI.Control.OnLoad(EventArgs e)
> at System.Web.UI.Control.LoadRecursive()
> at System.Web.UI.Page.ProcessRequestMain()
> at System.Web.UI.Page.ProcessRequest()
> at System.Web.UI.Page.ProcessRequest(HttpContext context)
> at
> System.Web.CallHandlerExecutionStep.System.Web.HttpApplication+IExecutionStep.Execute()
> at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
> completedSynchronously)
>
> ================
> Rob
I found the following information,
maybe you should look at the string that is send from the client,
if it is using any of this character pairs.(guess it will not be send if
you choos "public computer".
this is a security feature designed to prevent script from being
submitted with an HTML form. Although none of the base 64 characters are
invalid in a cookie value, there are combinations that are not
acceptable, including:
<{a-z}
<!
expression(
on{a-z}*=
&#
script{space}*.
If the HttpRequestValidationException is being raised, then the only way
to work around it is to disable request validation for the pages using
those cookies. However, if you disable request validation, it is very
important that you perform your own validation of any input accepted
from the user. The request validation feature, which was introduced in
ASP.NET 1.1, is designed to be a first line of defense against
cross-site scripting attacks. Without such validation, your application
could be vulnerable to such attacks.
more infor about this feature can be found here :
http://msdn.microsoft.com/library/d...paght000004.asp
hope this helps
gr /\/\o\/\/
|
|
|
|
|