Potentially dangerous RequestForm value was detected from the client when logging with ADFS
Environment
| Product | Progress® Telerik® Report Server |
Description
The problem is caused by a known issue with AD which is logged on our feedback portal - Web.config error after authenticating with Active Directory.
Error Message
The Potentially dangerous Request.Form in WSFederationAuthenticationModule.IsSignInResponse error can be observed in the Event Viewer Log. In the application, you may see Server Error in '/' Application.
Cause\Possible Cause(s)
ASP.NET has detected data in the request that is potentially dangerous because it might include HTML markup or script. The data might represent an attempt to compromise the security of your application, such as a cross-site scripting attack. If this type of input is appropriate in your application, you can include code in a web page to explicitly allow it.
Workaround
The workaround is adding the following requestValidationMode="2.0" setting in the web.config file which will remove the "potentially dangerous" exception:
<httpRuntime maxRequestLength="2097152" requestValidationMode="2.0"/>
The Report Server's Web.config configuration file can be found in {reportServer_installDir}/Telerik.ReportServer.Web. For example, if you have installed the product with the default settings, you can find the file at the following path:
C:\Program Files (x86)\Progress\Telerik Report Server\Telerik.ReportServer.Web
More details about the workaround can be found at the following StackOverflow thread - Potentially dangerous Request.Form in WSFederationAuthenticationModule.IsSignInResponse.