What is the difference between requestValidationMode 2.0 and 4.0

Here are the definitions from MSDN:

4.0 (default). The HttpRequest object internally sets a flag that indicates that request validation should be run whenever any HTTP request data arrives. This ensures that request verification is initiated before data such as cookies and URLs is available during the request. The parameters for checking the request for a page element (if any) in the configuration file or the @ Page directive on a separate page are ignored.

2.0. Request validation is allowed only for pages, and not for all HTTP requests. In addition, the parameters for checking the page element request (if any) in the configuration file or the @ Page directive on a separate page are used to determine which page requests are checked.

But I don’t understand them. Can anyone help explain a little?

+3
validation
1 answer

You can take a look at this

Think about this, since not only the request from .aspx pages is checked for requests by malicious users, but not all requests. This can lead to websites breaking their functionality if they were upgraded from 2.0 to 4.0.

To be honest, I don't understand why a particular request fails. So far I have just returned 4.0 applications back to check 2.0

<httpRuntime requestValidationMode="2.0" /> 
+2
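
As an added example (not part of the original answer), the web.config below keeps the 4.0 default for the application and applies the 2.0 setting from the answer to a single page through a location element, so only that page falls back to page-level validation settings. The path Admin/EditArticle.aspx is a hypothetical placeholder.

```xml
<?xml version="1.0"?>
<!-- Added example, not the answerer's configuration.
     "Admin/EditArticle.aspx" is a hypothetical page path. -->
<configuration>
  <system.web>
    <!-- Application-wide: 4.0 semantics (the default).
         Request validation is triggered for every HTTP request,
         not only for .aspx pages. -->
    <httpRuntime requestValidationMode="4.0" />

    <!-- In 4.0 mode this pages setting (and any @ Page directive
         setting) is ignored, per the MSDN definition quoted above. -->
    <pages validateRequest="true" />
  </system.web>

  <!-- Narrow exception: only this page uses 2.0 semantics. -->
  <location path="Admin/EditArticle.aspx">
    <system.web>
      <!-- 2.0 mode: validation applies to pages only, and the
           pages / @ Page settings decide which pages are checked. -->
      <httpRuntime requestValidationMode="2.0" />

      <!-- Honoured here because the mode for this path is 2.0.
           With validation off, this page has to validate its own
           input and encode it on output. -->
      <pages validateRequest="false" />
    </system.web>
  </location>
</configuration>
```

Placing the httpRuntime element directly under the top-level system.web section, as in the answer, switches the whole application to 2.0 mode instead.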