Control level request validation in ASP.NET 4.5

By | December 25, 2011

Request validation in ASP.NET is designed to protect against cross-site scripting (XSS) attacks. This feature has been available since the early days of ASP.NET, and it gives your web sites default protection against XSS attacks. Check this post to learn the fundamentals of ASP.NET request validation. In this post I am going to talk about the changes to request validation in the ASP.NET 4.5 Developer Preview.

ASP.NET request validation is turned on by default, and prior to 4.5 it was a page-level setting. Before ASP.NET 4.5, you had to disable validation for the entire page using the ValidateRequest attribute in the page directive.


ASP.NET 4.5 introduces a nice enhancement to request validation: “Control Level Validation”. With ASP.NET 4.5 you can now disable request validation for a specific control using a new property, “ValidateRequestMode”.

You can set ValidateRequestMode to one of the following values:

  • Disabled
  • Enabled
  • Inherit


Once you set the ValidateRequestMode property on a control, the ASP.NET runtime performs lazy request validation for that specific control.

To enable this feature, make sure requestValidationMode="4.5" is set in the httpRuntime section of your web application's web.config file.


As shown in the picture below, we have enabled and disabled validation for different controls. We can also set a control to inherit, so that it automatically takes its behavior from the parent control.
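The setup described above as a single-file Web Forms page. This is an added example, not code from the original post; the control IDs and the handler name are hypothetical, and it assumes the web.config setting named in the comment. Because the opted-out control accepts markup, the page encodes its value on output.

```aspx
<%@ Page Language="C#" %>
<%-- Added example, not from the original post. Control IDs and the handler
     name are hypothetical. Assumes web.config contains, under <system.web>:
         <httpRuntime requestValidationMode="4.5" />
     Before 4.5 the only switch was ValidateRequest="false" in the Page
     directive, which turned validation off for every field on the page. --%>
<script runat="server">
    protected void Save_Click(object sender, EventArgs e)
    {
        // txtName is still validated: posting markup in it raises
        // HttpRequestValidationException before this handler runs.
        // txtBody is not validated, so its value is untrusted markup and
        // must be encoded (or sanitized) before it is written back out.
        litName.Text = txtName.Text;
        litBody.Text = txtBody.Text;
    }
</script>
<!DOCTYPE html>
<html>
<body>
<form id="form1" runat="server">
    <%-- Validated: inherits the page's default, which is enabled. --%>
    <asp:TextBox ID="txtName" runat="server" ValidateRequestMode="Inherit" />

    <%-- Opted out: only this control skips request validation. --%>
    <asp:TextBox ID="txtBody" runat="server" TextMode="MultiLine"
                 ValidateRequestMode="Disabled" />

    <asp:Button ID="btnSave" runat="server" Text="Save" OnClick="Save_Click" />

    <%-- Mode="Encode" HTML-encodes the text when the control renders. --%>
    <p><asp:Literal ID="litName" runat="server" Mode="Encode" /></p>
    <p><asp:Literal ID="litBody" runat="server" Mode="Encode" /></p>
</form>
</body>
</html>
```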


Hope this helps !

Cheers !


One thought on “Control level request validation in ASP.NET 4.5”

  1. Rakesh

    It was awesome description for all of us. Yet we have not implemented this property in our we will use this later in our project.

