RequestValidationSource Enum

Definition

Specifies what kind of HTTP request data to validate.

public enum class RequestValidationSource
public enum RequestValidationSource
type RequestValidationSource = 
Public Enum RequestValidationSource
Inheritance
RequestValidationSource

Fields

Cookies 2

The request cookies.

Files 3

The uploaded file.

Form 1

The form values.

Headers 7

The request headers.

Path 5

The virtual path.

PathInfo 6

An HTTP PathInfo string, which is an extension to a URL path.

QueryString 0

The query string.

RawUrl 4

The raw URL. (The part of a URL after the domain.)

Examples

The following example shows how to create a custom request validator class that allows only a specific string for query-string values.

Imports System.Web  
Imports System.Web.Util  
  
Public Class CustomRequestValidation  
    Inherits RequestValidator  
  
Protected Overloads Overrides Function IsValidRequestString( _  
        ByVal context As HttpContext, _  
        ByVal value As String, _  
        ByVal requestValidationSource__1 As RequestValidationSource, _  
        ByVal collectionKey As String, _  
        ByRef validationFailureIndex As Integer) As Boolean  
    validationFailureIndex = -1  
    ' Set a default value for the out parameter.  
    ' This application does not use RawUrl directly, so you can   
    ' ignore the check for RequestValidationSource.RawUrl.  
    If requestValidationSource = RequestValidationSource.RawUrl Then  
        Return True  
    End If  
  
    ' Allow the query-string key "data" to have an XML-like value.  
    If (requestValidationSource = _  
            (RequestValidationSource.QueryString) AndAlso _  
            (collectionKey = "data") Then  
        ' The querystring value "<example>1234</example>" is allowed.  
        If value = "<example>1234</example>" Then  
            validationFailureIndex = -1  
            Return True  
        Else  
            ' Leave any further checks to ASP.NET.  
            Return MyBase.IsValidRequestString(context, value, _  
                requestValidationSource__1, collectionKey, _  
                validationFailureIndex)  
        End If  
    Else  
        ' All other HTTP input checks fall back to   
        ' the base ASP.NET implementation.  
        Return MyBase.IsValidRequestString(context, value, _  
            requestValidationSource__1, collectionKey, _  
            validationFailureIndex)  
    End If  
End Function  
End Class  
using System;  
using System.Web;  
using System.Web.Util;  
  
public class CustomRequestValidation : RequestValidator  
{  
    public CustomRequestValidation() {}  
  
    protected override bool IsValidRequestString(  
        HttpContext context, string value,   
        RequestValidationSource requestValidationSource, string collectionKey,   
        out int validationFailureIndex)  
    {  
        //Set a default value for the out parameter.  
        validationFailureIndex = -1;  
  
        // This application does not use RawUrl directly,   
        // so you can ignore the check for RequestValidationSource.RawUrl.  
        if (requestValidationSource == RequestValidationSource.RawUrl)  
            return true;  
  
        // Allow the query-string key "data" to have an XML-like value.  
        if (  
            (requestValidationSource == RequestValidationSource.QueryString) &&  
            (collectionKey == "data")  
           )  
        {  
            // The querystring value "<example>1234</example>" is allowed.  
            if (value == "<example>1234</example>")  
            {  
                validationFailureIndex = -1;  
                return true;  
            }  
            else  
           // Leave any further checks to ASP.NET.  
                return base.IsValidRequestString(context, value,   
                requestValidationSource, collectionKey, out   
                validationFailureIndex);  
        }  
        // All other HTTP input checks fall back to   
        // the base ASP.NET implementation.  
        else  
        {  
            return base.IsValidRequestString(context, value,   
                requestValidationSource, collectionKey,   
                out validationFailureIndex);  
        }  
    }  
}  

The following example shows how to configure ASP.NET to use the custom validator.

<httpRuntime requestValidationType="CustomRequestValidation" />  

Remarks

You can create a custom request validation type by implementing the RequestValidator type. When ASP.NET calls the IsValidRequestString method to validate a request, ASP.NET passes a requestValidationSource parameter to specify the source of the data being validated. The RequestValidationSource enumeration is used to specify the source or kind of request data that is being validated. The enumeration indicates the type of HTTP input that is passed in the value parameter of the IsValidRequestString method. You can use the enumeration as a way to fall back to the base request validation implementation for HTTP inputs if you do not want to validate using custom logic.

The following table shows how the value of the collectionKey and value parameter of the RequestValidator.IsValidRequestString method are interpreted for each member of the RequestValidationSource enumeration.

Enumeration member collectionKey parameter value parameter
Cookies The name of the cookie in the collection. The value in the collection.
Files The name of the uploaded file in the collection. The value of the uploaded file in the collection.
Form The name of the form parameter in the collection The value of the form parameter in the collection.
Headers The name of an HTTP header in the collection. The value of the HTTP header in the collection.
Path null (Path is not a collection of values). The value of the Path field.
PathInfo null (PathInfo is not a collection of values). The value of the PathInfo field.
QueryString The name of the query-string parameter in the collection. The value of the query-string parameter in the collection.
RawUrl null (RawUrl is not a collection of values.) The value of the RawUrl field.

Applies to

See also