Overloading security check on dropdown, is it possible??

Søren M. Olesen · Jul 6, 2006

Hi

I'm trying to populate a dropdown list on a page, with the result from an
AJAX request, however, because my dropdown is runat="server" I get a
security error when posting back my page.
I guess that makes sence since a hacker could attemt to compromise the
webserver this way, however in my situation it's a bit of a problem.....

Is there a way to make the security check my self, so that I can determine
whether the data is OK or not??

TIA

Søren

Dominick Baier [DevelopMentor] · Jul 6, 2006

Hi,

i guess you are getting an ArgumentException?

you can disable that check by setting EnableEventValidation=false on the
page - but then - you have to thoroughly verify every single postback.

Søren M. Olesen · Jul 7, 2006

Yeah, I know I can disable the EnableEventValidation, but the I'd have to
check everything myself, I'd prefer to only check the stuff I know could be
changed from JScript....

Regards,

Søren

Dominick Baier [DevelopMentor] · Jul 7, 2006

I don't think that's gonna work - i haven't tried that though...

but EventValidation is also in code -

check the calls to

ClientScriptManager.RegisterForEventValidate and ValidateEvent.

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

Søren M. Olesen said:
Create a Custom Control that inherits DropDownList and leave off the
[SupportsEventValidation]
attribute from the class.
Use that control rather than DropDownList and you will effectively
disable event validation for a single control on your page. Everything
else will function as normal.

Søren M. Olesen said:

Yeah, I know I can disable the EnableEventValidation, but the I'd
have to check everything myself, I'd prefer to only check the stuff I
know could be changed from JScript....

Regards,

Søren

Click to expand...

Stephen Davies · Jul 7, 2006

Create a Custom Control that inherits DropDownList and leave off the
[SupportsEventValidation]
attribute from the class.

Use that control rather than DropDownList and you will effectively disable
event validation for a single control on your page. Everything else will
function as normal.

jQuery Overloading Strategy -- What Not To Do	25	Sep 10, 2011
Detailsview: Is it possible to share templatefields	3	Sep 25, 2008
Moving from PHP to Python. Is it Possible	19	Dec 11, 2009
Is it possible to wrap text in a dropdown control	0	Jun 3, 2004
Filling Datagrids based on dropdown	0	Nov 7, 2007
Yesterday is a canceled check	0	Jun 2, 2009
Yesterday is a canceled check	0	May 17, 2009
check the content of another frame or iFrame function is tripping browser security	4	Jul 24, 2007

Overloading security check on dropdown, is it possible??

Søren M. Olesen

Dominick Baier [DevelopMentor]

Søren M. Olesen

Dominick Baier [DevelopMentor]

Stephen Davies

Ask a Question

Similar Threads

Members online

Forum statistics

Latest Threads