Trying to establish link to create account

Dec 13, 2010 at 10:03 PM
Edited Dec 13, 2010 at 10:05 PM

BE_2.0 RC, with XML., ASP.net 4.0.

I am trying to create a link to the create account form for users to self register and receive this error when trying to save the text box.  Actually all one h as to do is type Create Account here and the error occurs. Thank you.

A potentially dangerous Request.Form value was detected from the client (widget$txtText="<p>A gathering of fr...").

Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. To allow pages to override application request validation settings, set the requestValidationMode attribute in the httpRuntime configuration section to requestValidationMode="2.0". Example: <httpRuntime requestValidationMode="2.0" />. After setting this value, you can then disable request validation by setting validateRequest="false" in the Page directive or in the <pages> configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case. For more information, see http://go.microsoft.com/fwlink/?LinkId=153133. 

Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (widget$txtText="<p>A gathering of fr...").

Coordinator
Dec 14, 2010 at 6:24 AM

If you're using .NET 4.0 with XML, I would recommend using the ASP.NET 4.0 web.config file that is now included in the latest builds of BE.  Here's a direct link.

Or, if you want to continue using the web.config file you have now, add the requestValidationMode="2.0" attribute to the existing <httpRuntime> tag.

<httpRuntime enableVersionHeader="false" useFullyQualifiedRedirectUrl="true"
maxRequestLength="16384" executionTimeout="3600"
requestLengthDiskThreshold="16384" requestValidationMode="2.0"/>

 

Dec 14, 2010 at 2:49 PM
Edited Dec 14, 2010 at 3:23 PM

Thank you, the same error still occurs Ben.  If I try to edit a texbox the error occurs.  Maybe I need to create a new textbox and go from there.  I am beginning to think it may be theme specific, I have no issues on my hiking club website with 2.0 and 4.0 although it is a database.  I should mention I have self registration activated on the problem site.

edit:

I have now discovered that all I need to do is try to edit the text box, not typing anything and hit save and the error occurs.

Coordinator
Dec 14, 2010 at 6:42 PM

I sort of doubt it's theme specific, but you could try temporarily switching to the Standard theme or another theme to see if the problem persists.

This error is occurring when you edit the TextBox widget, right?

Are you using the ASP.NET 4.0 web.config file I posted a link to ?  Maybe you can post your web.config file here.  I'm guessing it's probably okay, but wouldn't hurt to look at.

Dec 15, 2010 at 2:16 AM

Yes, when trying to edit a textbox.

<!--?xml version="1.0"?-->
<?xml version="1.0"?>
<configuration>
  <configSections>
    <sectionGroup name="BlogEngine">
      <section name="blogProvider" requirePermission="false" type="BlogEngine.Core.Providers.BlogProviderSection, BlogEngine.Core" allowDefinition="MachineToApplication" restartOnExternalChanges="true"/>
    </sectionGroup>
    <sectionGroup name="system.web.extensions" type="System.Web.Configuration.SystemWebExtensionsSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
      <sectionGroup name="scripting" type="System.Web.Configuration.ScriptingSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
        <section name="scriptResourceHandler" type="System.Web.Configuration.ScriptingScriptResourceHandlerSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
        <sectionGroup name="webServices" type="System.Web.Configuration.ScriptingWebServicesSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
          <section name="jsonSerialization" type="System.Web.Configuration.ScriptingJsonSerializationSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="Everywhere"/>
          <section name="profileService" type="System.Web.Configuration.ScriptingProfileServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
          <section name="authenticationService" type="System.Web.Configuration.ScriptingAuthenticationServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
          <section name="roleService" type="System.Web.Configuration.ScriptingRoleServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
        </sectionGroup>
      </sectionGroup>
    </sectionGroup>
  </configSections>
  <BlogEngine>
    <blogProvider defaultProvider="XmlBlogProvider">
      <providers>
        <add name="XmlBlogProvider" type="BlogEngine.Core.Providers.XmlBlogProvider, BlogEngine.Core"/>
        <add name="DbBlogProvider" type="BlogEngine.Core.Providers.DbBlogProvider, BlogEngine.Core" connectionStringName="BlogEngine"/>
      </providers>
    </blogProvider>
  </BlogEngine>
  <connectionStrings>
    <clear/>
    <add name="BlogEngine" connectionString="Data Source=MySQLServer;User ID=user;Password=password;persist security info=False;initial catalog=BlogEngine;" providerName="System.Data.SqlClient"/>
  </connectionStrings>
  <appSettings>
    <add key="BlogEngine.FileExtension" value=".aspx"/>
    <!-- You can e.g. use "~/blog/" if BlogEngine.NET is not located in the root of the application -->
    <add key="BlogEngine.VirtualPath" value="~/"/>
    <!-- The regex used to identify mobile devices so a different theme can be shown -->
    <add key="BlogEngine.MobileDevices" value="(iemobile|iphone|ipod|android|nokia|sonyericsson|blackberry|samsung|sec\-|windows ce|motorola|mot\-|up.b|midp\-)"/>
    <!-- The name of the role with administrator permissions -->
    <add key="BlogEngine.AdminRole" value="Administrators"/>
    <!-- The name of the role for anonymous(non-authenticated) users. -->
    <add key="BlogEngine.AnonymousRole" value="Anonymous" />
    <!-- The name of the role for Editors -->
    <add key="BlogEngine.EditorsRole" value="Editors" />
    <!--This value is to provide an alterantive location for storing data.-->
    <add key="StorageLocation" value="~/App_Data/"/>
    <!--A comma separated list of script names to hard minify. It's case-sensitive. -->
    <add key="BlogEngine.HardMinify" value="blog.js,widget.js,WebResource.axd"/>
  </appSettings>
  <system.serviceModel>
    <services>
      <service behaviorConfiguration="AuthenticationServiceBehaviors"
        name="System.Web.ApplicationServices.AuthenticationService">
        <endpoint binding="basicHttpBinding" contract="System.Web.ApplicationServices.AuthenticationService" />
      </service>
    </services>
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" />
    <behaviors>
      <serviceBehaviors>
        <behavior name="AuthenticationServiceBehaviors">
          <serviceMetadata httpGetEnabled="true" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
  </system.serviceModel>
  <system.web.extensions>
    <scripting>
      <webServices>
        <authenticationService enabled="true" requireSSL="false"/>
      </webServices>
    </scripting>
  </system.web.extensions>
  <system.web>
    <compilation debug="true">
      <assemblies>
        <add assembly="System.Management, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
        <add assembly="System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
        <add assembly="System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
        <add assembly="System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
        <add assembly="System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
        <add assembly="System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
        <add assembly="System.Xml, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
        <add assembly="System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
        <add assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
        <add assembly="System.Xml.Linq, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
        <add assembly="System.Data.DataSetExtensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
      </assemblies>
      <expressionBuilders>
        <add expressionPrefix="LinqLength" type="BlogEngine.Core.Compilation.LinqLengthExpressionBuilder, BlogEngine.Core"/>
        <add expressionPrefix="Reflect" type="BlogEngine.Core.Compilation.ReflectExpressionBuilder, BlogEngine.Core"/>
        <add expressionPrefix="Session" type="BlogEngine.Core.Compilation.SessionExpressionBuilder, BlogEngine.Core"/>
        <add expressionPrefix="Server" type="BlogEngine.Core.Compilation.ServerVariableExpressionBuilder, BlogEngine.Core"/>
        <add expressionPrefix="QueryString" type="BlogEngine.Core.Compilation.QueryStringExpressionBuilder, BlogEngine.Core"/>
        <add expressionPrefix="Code" type="BlogEngine.Core.Compilation.CodeExpressionBuilder, BlogEngine.Core"/>
      </expressionBuilders>
    </compilation>
    <globalization requestEncoding="utf-8" responseEncoding="utf-8" culture="auto" uiCulture="auto"/>
    <httpRuntime enableVersionHeader="false" useFullyQualifiedRedirectUrl="true" maxRequestLength="16384" executionTimeout="3600" requestLengthDiskThreshold="16384"/>
    <machineKey validationKey="D9F7287EFDE8DF4CAFF79011D5308643D8F62AE10CDF30DAB640B7399BF6C57B0269D60A23FBCCC736FC2487ED695512BA95044DE4C58DC02C2BA0C4A266454C" decryptionKey="BDAAF7E00B69BA47B37EEAC328929A06A6647D4C89FED3A7D5C52B12B23680F4" validation="SHA1" decryption="AES"/>
    <authentication mode="Forms">
      <forms timeout="129600" name=".AUXBLOGENGINE" protection="All" slidingExpiration="true" loginUrl="~/Account/login.aspx" cookieless="UseCookies"/>
    </authentication>
    <pages enableSessionState="false" enableViewStateMac="true" enableEventValidation="true">
      <controls>
        <add namespace="App_Code.Controls" tagPrefix="blog"/>
        <add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
        <add tagPrefix="asp" namespace="System.Web.UI.WebControls" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
      </controls>
      <namespaces>
        <add namespace="BlogEngine.Core" />
      </namespaces>
    </pages>
    <customErrors mode="RemoteOnly" defaultRedirect="~/error.aspx" redirectMode="ResponseRewrite">
      <error statusCode="404" redirect="~/error404.aspx"/>
    </customErrors>
    <membership defaultProvider="XmlMembershipProvider">
      <providers>
        <clear/>
        <add name="XmlMembershipProvider" type="BlogEngine.Core.Providers.XmlMembershipProvider, BlogEngine.Core" description="XML membership provider" passwordFormat="Hashed"/>
        <add name="SqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="BlogEngine" applicationName="BlogEngine"/>
        <add name="DbMembershipProvider" type="BlogEngine.Core.Providers.DbMembershipProvider, BlogEngine.Core" passwordFormat="Hashed" connectionStringName="BlogEngine"/>
      </providers>
    </membership>
    <roleManager defaultProvider="XmlRoleProvider" enabled="true" cacheRolesInCookie="true" cookieName=".BLOGENGINEROLES">
      <providers>
        <clear/>
        <add name="XmlRoleProvider" type="BlogEngine.Core.Providers.XmlRoleProvider, BlogEngine.Core" description="XML role provider"/>
        <add name="SqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="BlogEngine" applicationName="BlogEngine"/>
        <add name="DbRoleProvider" type="BlogEngine.Core.Providers.DbRoleProvider, BlogEngine.Core" connectionStringName="BlogEngine"/>
      </providers>
    </roleManager>
    <siteMap defaultProvider="PageSiteMap" enabled="true">
      <providers>
        <add name="PageSiteMap" description="The site map provider that reads in the .sitemap XML files." type="BlogEngine.Core.Web.Controls.PageSiteMap, BlogEngine.Core"/>
        <add name="SecuritySiteMap" description="Used for authenticated users." type="System.Web.XmlSiteMapProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" securityTrimmingEnabled="true" siteMapFile="Web.sitemap"/>
      </providers>
    </siteMap>
    <httpModules>
      <add name="WwwSubDomainModule" type="BlogEngine.Core.Web.HttpModules.WwwSubDomainModule, BlogEngine.Core"/>
      <add name="UrlRewrite" type="BlogEngine.Core.Web.HttpModules.UrlRewrite, BlogEngine.Core"/>
      <add name="CompressionModule" type="BlogEngine.Core.Web.HttpModules.CompressionModule, BlogEngine.Core"/>
      <add name="ReferrerModule" type="BlogEngine.Core.Web.HttpModules.ReferrerModule, BlogEngine.Core"/>
      <!--Remove the default ASP.NET modules we don't need-->
      <remove name="PassportAuthentication"/>
      <remove name="Profile"/>
      <remove name="AnonymousIdentification"/>
      <add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
    </httpModules>
    <httpHandlers>
      <add verb="*" path="file.axd" type="BlogEngine.Core.Web.HttpHandlers.FileHandler, BlogEngine.Core" validate="false"/>
      <add verb="*" path="image.axd" type="BlogEngine.Core.Web.HttpHandlers.ImageHandler, BlogEngine.Core" validate="false"/>
      <add verb="*" path="syndication.axd" type="BlogEngine.Core.Web.HttpHandlers.SyndicationHandler, BlogEngine.Core" validate="false"/>
      <add verb="*" path="sitemap.axd" type="BlogEngine.Core.Web.HttpHandlers.SiteMap, BlogEngine.Core" validate="false"/>
      <add verb="*" path="trackback.axd" type="BlogEngine.Core.Web.HttpHandlers.TrackbackHandler, BlogEngine.Core" validate="false"/>
      <add verb="*" path="pingback.axd" type="BlogEngine.Core.Web.HttpHandlers.PingbackHandler, BlogEngine.Core" validate="false"/>
      <add verb="*" path="opensearch.axd" type="BlogEngine.Core.Web.HttpHandlers.OpenSearchHandler, BlogEngine.Core" validate="false"/>
      <add verb="*" path="metaweblog.axd" type="BlogEngine.Core.API.MetaWeblog.MetaWeblogHandler, BlogEngine.Core" validate="false"/>
      <add verb="*" path="rsd.axd" type="BlogEngine.Core.Web.HttpHandlers.RsdHandler, BlogEngine.Core" validate="false"/>
      <add verb="*" path="css.axd" type="BlogEngine.Core.Web.HttpHandlers.CssHandler, BlogEngine.Core" validate="false"/>
      <add verb="*" path="js.axd" type="BlogEngine.Core.Web.HttpHandlers.JavaScriptHandler, BlogEngine.Core" validate="false"/>
      <add verb="*" path="res.axd" type="BlogEngine.Core.Web.HttpHandlers.ResourceHandler, BlogEngine.Core" validate="false"/>
      <add verb="*" path="rating.axd" type="BlogEngine.Core.Web.HttpHandlers.RatingHandler, BlogEngine.Core" validate="false"/>
      <add verb="*" path="opml.axd" type="BlogEngine.Core.Web.HttpHandlers.OpmlHandler, BlogEngine.Core" validate="false"/>
      <add verb="*" path="blogml.axd" type="BlogEngine.Core.Web.HttpHandlers.BlogMLExportHandler, BlogEngine.Core" validate="false"/>
      <add verb="*" path="sioc.axd" type="BlogEngine.Core.Web.HttpHandlers.Sioc, BlogEngine.Core" validate="false"/>
      <add verb="*" path="apml.axd" type="BlogEngine.Core.Web.HttpHandlers.Apml, BlogEngine.Core" validate="false"/>
      <add verb="*" path="foaf*.axd" type="BlogEngine.Core.Web.HttpHandlers.Foaf, BlogEngine.Core" validate="false"/>
      <add verb="*" path="*.htm" type="System.Web.StaticFileHandler" />
      <remove verb="*" path="*.asmx"/>
      <add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
      <add verb="*" path="*_AppService.axd" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
      <add verb="GET,HEAD" path="ScriptResource.axd" validate="false" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
    </httpHandlers>
  </system.web>
  <system.webServer>
    <validation validateIntegratedModeConfiguration="false"/>
    <!-- Enable the staticContent section below to add Expires headers to images for better performance.
				 Some hosting providers does not allow the staticContent section to be set. -->
    <!--
    <staticContent>
      <clientCache httpExpires="Sun, 29 Mar 2020 00:00:00 GMT" cacheControlMode="UseExpires" />
      <mimeMap fileExtension=".mp4" mimeType="video/mp4" />
    </staticContent>
    -->
    <modules>
      <remove name="ScriptModule"/>
      <add name="WwwSubDomainModule" type="BlogEngine.Core.Web.HttpModules.WwwSubDomainModule, BlogEngine.Core"/>
      <add name="UrlRewrite" type="BlogEngine.Core.Web.HttpModules.UrlRewrite, BlogEngine.Core"/>
      <add name="CompressionModule" type="BlogEngine.Core.Web.HttpModules.CompressionModule, BlogEngine.Core"/>
      <add name="ReferrerModule" type="BlogEngine.Core.Web.HttpModules.ReferrerModule, BlogEngine.Core"/>
      <add name="ScriptModule" preCondition="managedHandler" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
    </modules>
    <handlers accessPolicy="Read, Write, Script, Execute">
      <remove name="WebServiceHandlerFactory-Integrated"/>
      <remove name="ScriptHandlerFactory"/>
      <remove name="ScriptHandlerFactoryAppServices"/>
      <remove name="ScriptResource"/>
      <add name="FileHandler" verb="*" path="file.axd" type="BlogEngine.Core.Web.HttpHandlers.FileHandler, BlogEngine.Core" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode"/>
      <add name="ImageHandler" verb="*" path="image.axd" type="BlogEngine.Core.Web.HttpHandlers.ImageHandler, BlogEngine.Core" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode"/>
      <add name="Syndication" verb="*" path="syndication.axd" type="BlogEngine.Core.Web.HttpHandlers.SyndicationHandler, BlogEngine.Core" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode"/>
      <add name="Sitemap" verb="*" path="sitemap.axd" type="BlogEngine.Core.Web.HttpHandlers.SiteMap, BlogEngine.Core" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode"/>
      <add name="Trackback" verb="*" path="trackback.axd" type="BlogEngine.Core.Web.HttpHandlers.TrackbackHandler, BlogEngine.Core" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode"/>
      <add name="Pingback" verb="*" path="pingback.axd" type="BlogEngine.Core.Web.HttpHandlers.PingbackHandler, BlogEngine.Core" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode"/>
      <add name="OpenSearch" verb="*" path="opensearch.axd" type="BlogEngine.Core.Web.HttpHandlers.OpenSearchHandler, BlogEngine.Core" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode"/>
      <add name="MetaWeblog" verb="*" path="metaweblog.axd" type="BlogEngine.Core.API.MetaWeblog.MetaWeblogHandler, BlogEngine.Core" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode"/>
      <add name="RSD" verb="*" path="rsd.axd" type="BlogEngine.Core.Web.HttpHandlers.RsdHandler, BlogEngine.Core" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode"/>
      <add name="CssHandler" verb="*" path="css.axd" type="BlogEngine.Core.Web.HttpHandlers.CssHandler, BlogEngine.Core" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode"/>
      <add name="Javascript" path="js.axd" verb="*" type="BlogEngine.Core.Web.HttpHandlers.JavaScriptHandler, BlogEngine.Core" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode"/>
      <add name="Resource" verb="*" path="res.axd" type="BlogEngine.Core.Web.HttpHandlers.ResourceHandler, BlogEngine.Core" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode"/>
      <add name="Rating" verb="*" path="rating.axd" type="BlogEngine.Core.Web.HttpHandlers.RatingHandler, BlogEngine.Core" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode"/>
      <add name="Opml" verb="*" path="opml.axd" type="BlogEngine.Core.Web.HttpHandlers.OpmlHandler, BlogEngine.Core" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode"/>
      <add name="BlogML" verb="*" path="blogml.axd" type="BlogEngine.Core.Web.HttpHandlers.BlogMLExportHandler, BlogEngine.Core" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode"/>
      <add name="SIOC" verb="*" path="sioc.axd" type="BlogEngine.Core.Web.HttpHandlers.Sioc, BlogEngine.Core" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode"/>
      <add name="Apml" verb="*" path="apml.axd" type="BlogEngine.Core.Web.HttpHandlers.Apml, BlogEngine.Core" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode"/>
      <add name="Foaf" verb="*" path="foaf*.axd" type="BlogEngine.Core.Web.HttpHandlers.Foaf, BlogEngine.Core" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode"/>
      <add name="Html" path="*.htm" verb="*" type="System.Web.StaticFileHandler" resourceType="Unspecified" preCondition="integratedMode" />
      <add name="ScriptHandlerFactory" verb="*" path="*.asmx" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
      <add name="ScriptHandlerFactoryAppServices" verb="*" path="*_AppService.axd" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
      <add name="ScriptResource" verb="GET,HEAD" path="ScriptResource.axd" preCondition="integratedMode" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
    </handlers>
    <!-- Enable the httpProtocol section below to manipulate some HTTP headers.
				 Some hosting providers does not allow the httpProtocol section to be set. -->
    <!--
		<httpProtocol>
			<customHeaders>
				<remove name="X-Powered-By" />
				<add name="Etag" value=" " />
			</customHeaders>
		</httpProtocol>
		-->
  </system.webServer>
  <system.codedom>
    <compilers>
      <compiler language="c#;cs;csharp" extension=".cs" type="Microsoft.CSharp.CSharpCodeProvider, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" warningLevel="4">
        <providerOption name="CompilerVersion" value="v3.5"/>
        <providerOption name="WarnAsError" value="false"/>
      </compiler>
      <compiler language="vb;vbs;visualbasic;vbscript" extension=".vb" type="Microsoft.VisualBasic.VBCodeProvider, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" warningLevel="4">
        <providerOption name="CompilerVersion" value="v3.5"/>
        <providerOption name="OptionInfer" value="true"/>
        <providerOption name="WarnAsError" value="false"/>
      </compiler>
    </compilers>
  </system.codedom>
  <runtime>
    <assemblyBinding appliesTo="v2.0.50727" xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Extensions" publicKeyToken="31bf3856ad364e35"/>
        <bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0"/>
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Extensions.Design" publicKeyToken="31bf3856ad364e35"/>
        <bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0"/>
      </dependentAssembly>
    </assemblyBinding>
  </runtime>
</configuration>

<!-- You can e.g. use "~/blog/" if BlogEngine.NET is not located in the root of the application --> <!-- The regex used to identify mobile devices so a different theme can be shown --> <!-- The name of the role with administrator permissions --> <!-- The name of the role for anonymous(non-authenticated) users. --> <!-- The name of the role for Editors --> <!--This value is to provide an alterantive location for storing data.--> <!--A comma separated list of script names to hard minify. It's case-sensitive. -->
<!--?xml version="1.0"?-->

  
    
      
    
    
      
        
        
          
          
          
          
        
      
    
  
  
    
      
        
        
      
    
  
  
    
    
  
  
    
    <!-- You can e.g. use "~/blog/" if BlogEngine.NET is not located in the root of the application -->
    
    <!-- The regex used to identify mobile devices so a different theme can be shown -->
    
    <!-- The name of the role with administrator permissions -->
    
    <!-- The name of the role for anonymous(non-authenticated) users. -->
    
    <!-- The name of the role for Editors -->
    
    <!--This value is to provide an alterantive location for storing data.-->
    
    <!--A comma separated list of script names to hard minify. It's case-sensitive. -->
    
  
  
    
      
        
      
    
    
    
      
        
          
        
      
    
  
  
    
      
        
      
    
  
  
    
      
        
        
        
        
        
        
        
        
        
        
        
      
      
        
        
        
        
        
        
      
    
    
    
    
    
      
    
    
      
        
        
        
      
      
        
      
    
    
      
    
    
      
        
        
        
        
      
    
    
      
        
        
        
        
      
    
    
      
        
        
      
    
    
      
      
      
      
      <!--Remove the default ASP.NET modules we don't need-->
      
      
      
      
    
    
      
      
      
      
      
      
      
      
      
      
      
      
      
      
      
      
      
      
      
      
      
      
      
    
  
  
    
    <!-- Enable the staticContent section below to add Expires headers to images for better performance.
				 Some hosting providers does not allow the staticContent section to be set. -->
    <!--
    <staticContent>
      <clientCache httpExpires="Sun, 29 Mar 2020 00:00:00 GMT" cacheControlMode="UseExpires" />
      <mimeMap fileExtension=".mp4" mimeType="video/mp4" />
    </staticContent>
    -->
    
      
      
      
      
      
      
    
    
      
      
      
      
      
      
      
      
      
      
      
      
      
      
      
      
      
      
      
      
      
      
      
      
      
      
    
    <!-- Enable the httpProtocol section below to manipulate some HTTP headers.
				 Some hosting providers does not allow the httpProtocol section to be set. -->
    <!--
		<httpProtocol>
			<customHeaders>
				<remove name="X-Powered-By" />
				<add name="Etag" value=" " />
			</customHeaders>
		</httpProtocol>
		-->
  
  
    
      
        
        
      
      
        
        
        
      
    
  
  
    
      
        
        
      
      
        
        
      
    
  

<!--Remove the default ASP.NET modules we don't need--> <!-- Enable the staticContent section below to add Expires headers to images for better performance. Some hosting providers does not allow the staticContent section to be set. --> <!-- <staticContent> <clientCache httpExpires="Sun, 29 Mar 2020 00:00:00 GMT" cacheControlMode="UseExpires" /> <mimeMap fileExtension=".mp4" mimeType="video/mp4" /> </staticContent> --> <!-- Enable the httpProtocol section below to manipulate some HTTP headers. Some hosting providers does not allow the httpProtocol section to be set. --> <!-- <httpProtocol> <customHeaders> <remove name="X-Powered-By" /> <add name="Etag" value=" " /> </customHeaders> </httpProtocol> -->


Coordinator
Dec 15, 2010 at 2:23 AM

Thanks for posting your web.config file.  It does NOT have the requestValidationMode="2.0" attribute we have discussed here that is needed to avoid this error.

Dec 15, 2010 at 2:43 AM

Weird it is the one I downloaded that you referred to.  Check this one and see if it is correct.

<?xml version="1.0"?>
<configuration>
  <configSections>
    <sectionGroup name="BlogEngine">
      <section name="blogProvider" requirePermission="false" type="BlogEngine.Core.Providers.BlogProviderSection, BlogEngine.Core" allowDefinition="MachineToApplication" restartOnExternalChanges="true"/>
    </sectionGroup>
    <sectionGroup name="system.web.extensions" type="System.Web.Configuration.SystemWebExtensionsSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
      <sectionGroup name="scripting" type="System.Web.Configuration.ScriptingSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
        <section name="scriptResourceHandler" type="System.Web.Configuration.ScriptingScriptResourceHandlerSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
        <sectionGroup name="webServices" type="System.Web.Configuration.ScriptingWebServicesSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
          <section name="jsonSerialization" type="System.Web.Configuration.ScriptingJsonSerializationSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="Everywhere"/>
          <section name="profileService" type="System.Web.Configuration.ScriptingProfileServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
          <section name="authenticationService" type="System.Web.Configuration.ScriptingAuthenticationServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
          <section name="roleService" type="System.Web.Configuration.ScriptingRoleServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
        </sectionGroup>
      </sectionGroup>
    </sectionGroup>
  </configSections>
  <BlogEngine>
    <blogProvider defaultProvider="XmlBlogProvider">
      <providers>
        <add name="XmlBlogProvider" type="BlogEngine.Core.Providers.XmlBlogProvider, BlogEngine.Core"/>
        <add name="DbBlogProvider" type="BlogEngine.Core.Providers.DbBlogProvider, BlogEngine.Core" connectionStringName="BlogEngine"/>
      </providers>
    </blogProvider>
  </BlogEngine>
  <connectionStrings>
    <clear/>
    <add name="BlogEngine" connectionString="Data Source=MySQLServer;User ID=user;Password=password;persist security info=False;initial catalog=BlogEngine;" providerName="System.Data.SqlClient"/>
  </connectionStrings>
  <appSettings>
    <add key="BlogEngine.FileExtension" value=".aspx"/>
    <!-- You can e.g. use "~/blog/" if BlogEngine.NET is not located in the root of the application -->
    <add key="BlogEngine.VirtualPath" value="~/"/>
    <!-- The regex used to identify mobile devices so a different theme can be shown -->
    <add key="BlogEngine.MobileDevices" value="(iemobile|iphone|ipod|android|nokia|sonyericsson|blackberry|samsung|sec\-|windows ce|motorola|mot\-|up.b|midp\-)"/>
    <!-- The name of the role with administrator permissions -->
    <add key="BlogEngine.AdminRole" value="Administrators"/>
    <!-- The name of the role for anonymous(non-authenticated) users. -->
    <add key="BlogEngine.AnonymousRole" value="Anonymous" />
    <!-- The name of the role for Editors -->
    <add key="BlogEngine.EditorsRole" value="Editors" />
    <!--This value is to provide an alterantive location for storing data.-->
    <add key="StorageLocation" value="~/App_Data/"/>
    <!--A comma separated list of script names to hard minify. It's case-sensitive. -->
    <add key="BlogEngine.HardMinify" value="blog.js,widget.js,WebResource.axd"/>
  </appSettings>
  <system.serviceModel>
    <services>
      <service behaviorConfiguration="AuthenticationServiceBehaviors"
        name="System.Web.ApplicationServices.AuthenticationService">
        <endpoint binding="basicHttpBinding" contract="System.Web.ApplicationServices.AuthenticationService" />
      </service>
    </services>
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" />
    <behaviors>
      <serviceBehaviors>
        <behavior name="AuthenticationServiceBehaviors">
          <serviceMetadata httpGetEnabled="true" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
  </system.serviceModel>
  <system.web.extensions>
    <scripting>
      <webServices>
        <authenticationService enabled="true" requireSSL="false"/>
      </webServices>
    </scripting>
  </system.web.extensions>
  <system.web>
    <compilation debug="true">
      <assemblies>
        <add assembly="System.Management, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
        <add assembly="System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
        <add assembly="System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
        <add assembly="System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
        <add assembly="System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
        <add assembly="System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
        <add assembly="System.Xml, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
        <add assembly="System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
        <add assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
        <add assembly="System.Xml.Linq, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
        <add assembly="System.Data.DataSetExtensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
      </assemblies>
      <expressionBuilders>
        <add expressionPrefix="LinqLength" type="BlogEngine.Core.Compilation.LinqLengthExpressionBuilder, BlogEngine.Core"/>
        <add expressionPrefix="Reflect" type="BlogEngine.Core.Compilation.ReflectExpressionBuilder, BlogEngine.Core"/>
        <add expressionPrefix="Session" type="BlogEngine.Core.Compilation.SessionExpressionBuilder, BlogEngine.Core"/>
        <add expressionPrefix="Server" type="BlogEngine.Core.Compilation.ServerVariableExpressionBuilder, BlogEngine.Core"/>
        <add expressionPrefix="QueryString" type="BlogEngine.Core.Compilation.QueryStringExpressionBuilder, BlogEngine.Core"/>
        <add expressionPrefix="Code" type="BlogEngine.Core.Compilation.CodeExpressionBuilder, BlogEngine.Core"/>
      </expressionBuilders>
    </compilation>
    <globalization requestEncoding="utf-8" responseEncoding="utf-8" culture="auto" uiCulture="auto"/>
    <httpRuntime enableVersionHeader="false" useFullyQualifiedRedirectUrl="true" maxRequestLength="16384" executionTimeout="3600" requestLengthDiskThreshold="16384"/>
    <machineKey validationKey="D9F7287EFDE8DF4CAFF79011D5308643D8F62AE10CDF30DAB640B7399BF6C57B0269D60A23FBCCC736FC2487ED695512BA95044DE4C58DC02C2BA0C4A266454C" decryptionKey="BDAAF7E00B69BA47B37EEAC328929A06A6647D4C89FED3A7D5C52B12B23680F4" validation="SHA1" decryption="AES"/>
    <authentication mode="Forms">
      <forms timeout="129600" name=".AUXBLOGENGINE" protection="All" slidingExpiration="true" loginUrl="~/Account/login.aspx" cookieless="UseCookies"/>
    </authentication>
    <pages enableSessionState="false" enableViewStateMac="true" enableEventValidation="true">
      <controls>
        <add namespace="App_Code.Controls" tagPrefix="blog"/>
        <add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
        <add tagPrefix="asp" namespace="System.Web.UI.WebControls" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
      </controls>
      <namespaces>
        <add namespace="BlogEngine.Core" />
      </namespaces>
    </pages>
    <customErrors mode="RemoteOnly" defaultRedirect="~/error.aspx" redirectMode="ResponseRewrite">
      <error statusCode="404" redirect="~/error404.aspx"/>
    </customErrors>
    <membership defaultProvider="XmlMembershipProvider">
      <providers>
        <clear/>
        <add name="XmlMembershipProvider" type="BlogEngine.Core.Providers.XmlMembershipProvider, BlogEngine.Core" description="XML membership provider" passwordFormat="Hashed"/>
        <add name="SqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="BlogEngine" applicationName="BlogEngine"/>
        <add name="DbMembershipProvider" type="BlogEngine.Core.Providers.DbMembershipProvider, BlogEngine.Core" passwordFormat="Hashed" connectionStringName="BlogEngine"/>
      </providers>
    </membership>
    <roleManager defaultProvider="XmlRoleProvider" enabled="true" cacheRolesInCookie="true" cookieName=".BLOGENGINEROLES">
      <providers>
        <clear/>
        <add name="XmlRoleProvider" type="BlogEngine.Core.Providers.XmlRoleProvider, BlogEngine.Core" description="XML role provider"/>
        <add name="SqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="BlogEngine" applicationName="BlogEngine"/>
        <add name="DbRoleProvider" type="BlogEngine.Core.Providers.DbRoleProvider, BlogEngine.Core" connectionStringName="BlogEngine"/>
      </providers>
    </roleManager>
    <siteMap defaultProvider="PageSiteMap" enabled="true">
      <providers>
        <add name="PageSiteMap" description="The site map provider that reads in the .sitemap XML files." type="BlogEngine.Core.Web.Controls.PageSiteMap, BlogEngine.Core"/>
        <add name="SecuritySiteMap" description="Used for authenticated users." type="System.Web.XmlSiteMapProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" securityTrimmingEnabled="true" siteMapFile="Web.sitemap"/>
      </providers>
    </siteMap>
    <httpModules>
      <add name="WwwSubDomainModule" type="BlogEngine.Core.Web.HttpModules.WwwSubDomainModule, BlogEngine.Core"/>
      <add name="UrlRewrite" type="BlogEngine.Core.Web.HttpModules.UrlRewrite, BlogEngine.Core"/>
      <add name="CompressionModule" type="BlogEngine.Core.Web.HttpModules.CompressionModule, BlogEngine.Core"/>
      <add name="ReferrerModule" type="BlogEngine.Core.Web.HttpModules.ReferrerModule, BlogEngine.Core"/>
      <!--Remove the default ASP.NET modules we don't need-->
      <remove name="PassportAuthentication"/>
      <remove name="Profile"/>
      <remove name="AnonymousIdentification"/>
      <add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
    </httpModules>
    <httpHandlers>
      <add verb="*" path="file.axd" type="BlogEngine.Core.Web.HttpHandlers.FileHandler, BlogEngine.Core" validate="false"/>
      <add verb="*" path="image.axd" type="BlogEngine.Core.Web.HttpHandlers.ImageHandler, BlogEngine.Core" validate="false"/>
      <add verb="*" path="syndication.axd" type="BlogEngine.Core.Web.HttpHandlers.SyndicationHandler, BlogEngine.Core" validate="false"/>
      <add verb="*" path="sitemap.axd" type="BlogEngine.Core.Web.HttpHandlers.SiteMap, BlogEngine.Core" validate="false"/>
      <add verb="*" path="trackback.axd" type="BlogEngine.Core.Web.HttpHandlers.TrackbackHandler, BlogEngine.Core" validate="false"/>
      <add verb="*" path="pingback.axd" type="BlogEngine.Core.Web.HttpHandlers.PingbackHandler, BlogEngine.Core" validate="false"/>
      <add verb="*" path="opensearch.axd" type="BlogEngine.Core.Web.HttpHandlers.OpenSearchHandler, BlogEngine.Core" validate="false"/>
      <add verb="*" path="metaweblog.axd" type="BlogEngine.Core.API.MetaWeblog.MetaWeblogHandler, BlogEngine.Core" validate="false"/>
      <add verb="*" path="rsd.axd" type="BlogEngine.Core.Web.HttpHandlers.RsdHandler, BlogEngine.Core" validate="false"/>
      <add verb="*" path="css.axd" type="BlogEngine.Core.Web.HttpHandlers.CssHandler, BlogEngine.Core" validate="false"/>
      <add verb="*" path="js.axd" type="BlogEngine.Core.Web.HttpHandlers.JavaScriptHandler, BlogEngine.Core" validate="false"/>
      <add verb="*" path="res.axd" type="BlogEngine.Core.Web.HttpHandlers.ResourceHandler, BlogEngine.Core" validate="false"/>
      <add verb="*" path="rating.axd" type="BlogEngine.Core.Web.HttpHandlers.RatingHandler, BlogEngine.Core" validate="false"/>
      <add verb="*" path="opml.axd" type="BlogEngine.Core.Web.HttpHandlers.OpmlHandler, BlogEngine.Core" validate="false"/>
      <add verb="*" path="blogml.axd" type="BlogEngine.Core.Web.HttpHandlers.BlogMLExportHandler, BlogEngine.Core" validate="false"/>
      <add verb="*" path="sioc.axd" type="BlogEngine.Core.Web.HttpHandlers.Sioc, BlogEngine.Core" validate="false"/>
      <add verb="*" path="apml.axd" type="BlogEngine.Core.Web.HttpHandlers.Apml, BlogEngine.Core" validate="false"/>
      <add verb="*" path="foaf*.axd" type="BlogEngine.Core.Web.HttpHandlers.Foaf, BlogEngine.Core" validate="false"/>
      <add verb="*" path="*.htm" type="System.Web.StaticFileHandler" />
      <remove verb="*" path="*.asmx"/>
      <add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
      <add verb="*" path="*_AppService.axd" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
      <add verb="GET,HEAD" path="ScriptResource.axd" validate="false" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
    </httpHandlers>
  </system.web>
  <system.webServer>
    <validation validateIntegratedModeConfiguration="false"/>
    <!-- Enable the staticContent section below to add Expires headers to images for better performance.
				 Some hosting providers does not allow the staticContent section to be set. -->
    <!--
    <staticContent>
      <clientCache httpExpires="Sun, 29 Mar 2020 00:00:00 GMT" cacheControlMode="UseExpires" />
      <mimeMap fileExtension=".mp4" mimeType="video/mp4" />
    </staticContent>
    -->
    <modules>
      <remove name="ScriptModule"/>
      <add name="WwwSubDomainModule" type="BlogEngine.Core.Web.HttpModules.WwwSubDomainModule, BlogEngine.Core"/>
      <add name="UrlRewrite" type="BlogEngine.Core.Web.HttpModules.UrlRewrite, BlogEngine.Core"/>
      <add name="CompressionModule" type="BlogEngine.Core.Web.HttpModules.CompressionModule, BlogEngine.Core"/>
      <add name="ReferrerModule" type="BlogEngine.Core.Web.HttpModules.ReferrerModule, BlogEngine.Core"/>
      <add name="ScriptModule" preCondition="managedHandler" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
    </modules>
    <handlers accessPolicy="Read, Write, Script, Execute">
      <remove name="WebServiceHandlerFactory-Integrated"/>
      <remove name="ScriptHandlerFactory"/>
      <remove name="ScriptHandlerFactoryAppServices"/>
      <remove name="ScriptResource"/>
      <add name="FileHandler" verb="*" path="file.axd" type="BlogEngine.Core.Web.HttpHandlers.FileHandler, BlogEngine.Core" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode"/>
      <add name="ImageHandler" verb="*" path="image.axd" type="BlogEngine.Core.Web.HttpHandlers.ImageHandler, BlogEngine.Core" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode"/>
      <add name="Syndication" verb="*" path="syndication.axd" type="BlogEngine.Core.Web.HttpHandlers.SyndicationHandler, BlogEngine.Core" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode"/>
      <add name="Sitemap" verb="*" path="sitemap.axd" type="BlogEngine.Core.Web.HttpHandlers.SiteMap, BlogEngine.Core" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode"/>
      <add name="Trackback" verb="*" path="trackback.axd" type="BlogEngine.Core.Web.HttpHandlers.TrackbackHandler, BlogEngine.Core" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode"/>
      <add name="Pingback" verb="*" path="pingback.axd" type="BlogEngine.Core.Web.HttpHandlers.PingbackHandler, BlogEngine.Core" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode"/>
      <add name="OpenSearch" verb="*" path="opensearch.axd" type="BlogEngine.Core.Web.HttpHandlers.OpenSearchHandler, BlogEngine.Core" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode"/>
      <add name="MetaWeblog" verb="*" path="metaweblog.axd" type="BlogEngine.Core.API.MetaWeblog.MetaWeblogHandler, BlogEngine.Core" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode"/>
      <add name="RSD" verb="*" path="rsd.axd" type="BlogEngine.Core.Web.HttpHandlers.RsdHandler, BlogEngine.Core" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode"/>
      <add name="CssHandler" verb="*" path="css.axd" type="BlogEngine.Core.Web.HttpHandlers.CssHandler, BlogEngine.Core" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode"/>
      <add name="Javascript" path="js.axd" verb="*" type="BlogEngine.Core.Web.HttpHandlers.JavaScriptHandler, BlogEngine.Core" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode"/>
      <add name="Resource" verb="*" path="res.axd" type="BlogEngine.Core.Web.HttpHandlers.ResourceHandler, BlogEngine.Core" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode"/>
      <add name="Rating" verb="*" path="rating.axd" type="BlogEngine.Core.Web.HttpHandlers.RatingHandler, BlogEngine.Core" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode"/>
      <add name="Opml" verb="*" path="opml.axd" type="BlogEngine.Core.Web.HttpHandlers.OpmlHandler, BlogEngine.Core" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode"/>
      <add name="BlogML" verb="*" path="blogml.axd" type="BlogEngine.Core.Web.HttpHandlers.BlogMLExportHandler, BlogEngine.Core" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode"/>
      <add name="SIOC" verb="*" path="sioc.axd" type="BlogEngine.Core.Web.HttpHandlers.Sioc, BlogEngine.Core" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode"/>
      <add name="Apml" verb="*" path="apml.axd" type="BlogEngine.Core.Web.HttpHandlers.Apml, BlogEngine.Core" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode"/>
      <add name="Foaf" verb="*" path="foaf*.axd" type="BlogEngine.Core.Web.HttpHandlers.Foaf, BlogEngine.Core" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode"/>
      <add name="Html" path="*.htm" verb="*" type="System.Web.StaticFileHandler" resourceType="Unspecified" preCondition="integratedMode" />
      <add name="ScriptHandlerFactory" verb="*" path="*.asmx" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
      <add name="ScriptHandlerFactoryAppServices" verb="*" path="*_AppService.axd" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
      <add name="ScriptResource" verb="GET,HEAD" path="ScriptResource.axd" preCondition="integratedMode" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
    </handlers>
    <!-- Enable the httpProtocol section below to manipulate some HTTP headers.
				 Some hosting providers does not allow the httpProtocol section to be set. -->
    <!--
		<httpProtocol>
			<customHeaders>
				<remove name="X-Powered-By" />
				<add name="Etag" value=" " />
			</customHeaders>
		</httpProtocol>
		-->
  </system.webServer>
  <system.codedom>
    <compilers>
      <compiler language="c#;cs;csharp" extension=".cs" type="Microsoft.CSharp.CSharpCodeProvider, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" warningLevel="4">
        <providerOption name="CompilerVersion" value="v3.5"/>
        <providerOption name="WarnAsError" value="false"/>
      </compiler>
      <compiler language="vb;vbs;visualbasic;vbscript" extension=".vb" type="Microsoft.VisualBasic.VBCodeProvider, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" warningLevel="4">
        <providerOption name="CompilerVersion" value="v3.5"/>
        <providerOption name="OptionInfer" value="true"/>
        <providerOption name="WarnAsError" value="false"/>
      </compiler>
    </compilers>
  </system.codedom>
  <runtime>
    <assemblyBinding appliesTo="v2.0.50727" xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Extensions" publicKeyToken="31bf3856ad364e35"/>
        <bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0"/>
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Extensions.Design" publicKeyToken="31bf3856ad364e35"/>
        <bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0"/>
      </dependentAssembly>
    </assemblyBinding>
  </runtime>
</configuration>

Coordinator
Dec 15, 2010 at 3:22 AM

No, this last one you pasted is not correct.  It is for .NET 3.5.  The .NET 4.0 one is here (same link as before).  When you go to the link, the .NET 4.0 web.config file contents should appear in the main part of the window -- the bottom, right.  You'll basically want to select all the text with your mouse, and copy, and then paste it into your local file.

Or you download the latest build on the Source Code tab, and get the web.config file from there.  It'll be in the /setup folder.  The name of the file is ASP.NET_4.0_Web.Config.  You would want to rename it to just Web.Config.

Dec 15, 2010 at 3:48 AM

I copied and pasted this one from the link above and the website will not come up at all now.

<?xml version="1.0"?>
<configuration>
	<configSections>
		<sectionGroup name="BlogEngine">
			<section name="blogProvider" requirePermission="false" type="BlogEngine.Core.Providers.BlogProviderSection, BlogEngine.Core" allowDefinition="MachineToApplication" restartOnExternalChanges="true"/>
		</sectionGroup>
	</configSections>
	<BlogEngine>
		<blogProvider defaultProvider="XmlBlogProvider">
			<providers>
				<add name="XmlBlogProvider" type="BlogEngine.Core.Providers.XmlBlogProvider, BlogEngine.Core"/>
				<add name="DbBlogProvider" type="BlogEngine.Core.Providers.DbBlogProvider, BlogEngine.Core" connectionStringName="BlogEngine"/>
			</providers>
		</blogProvider>
	</BlogEngine>
	<connectionStrings>
		<clear/>
		<add name="BlogEngine" connectionString="Data Source=MySQLServer;User ID=user;Password=password;persist security info=False;initial catalog=BlogEngine;" providerName="System.Data.SqlClient"/>
	</connectionStrings>
	<appSettings>
		<add key="BlogEngine.FileExtension" value=".aspx"/>
		<!-- You can e.g. use "~/blog/" if BlogEngine.NET is not located in the root of the application -->
		<add key="BlogEngine.VirtualPath" value="~/"/>
		<!-- The regex used to identify mobile devices so a different theme can be shown -->
		<add key="BlogEngine.MobileDevices" value="(iemobile|iphone|ipod|android|nokia|sonyericsson|blackberry|samsung|sec\-|windows ce|motorola|mot\-|up.b|midp\-)"/>
		<!-- The name of the role with administrator permissions -->
		<add key="BlogEngine.AdminRole" value="Administrators"/>
		<!-- The name of the role for anonymous(non-authenticated) users. -->
		<add key="BlogEngine.AnonymousRole" value="Anonymous" />
		<!-- The name of the role for Editors -->
		<add key="BlogEngine.EditorsRole" value="Editors" />
		<!--This value is to provide an alterantive location for storing data.-->
		<add key="StorageLocation" value="~/App_Data/"/>
		<!--A comma separated list of script names to hard minify. It's case-sensitive. -->
		<add key="BlogEngine.HardMinify" value="blog.js,widget.js,WebResource.axd"/>
	</appSettings>
    <system.serviceModel>
      <services>
        <service behaviorConfiguration="AuthenticationServiceBehaviors"
          name="System.Web.ApplicationServices.AuthenticationService">
          <endpoint binding="basicHttpBinding" contract="System.Web.ApplicationServices.AuthenticationService" />
        </service>
      </services>
      <serviceHostingEnvironment aspNetCompatibilityEnabled="true" />
      <behaviors>
        <serviceBehaviors>
          <behavior name="AuthenticationServiceBehaviors">
            <serviceMetadata httpGetEnabled="true" />
          </behavior>
        </serviceBehaviors>
      </behaviors>
    </system.serviceModel>
    <system.web.extensions>
      <scripting>
        <webServices>
          <authenticationService enabled="true" requireSSL="false"/>
        </webServices>
      </scripting>
    </system.web.extensions>
	<system.web>
    <compilation debug="false" targetFramework="4.0">
      <assemblies>
        <add assembly="System.Management, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
        <add assembly="System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
        <add assembly="System.Data, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
        <add assembly="System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
        <add assembly="System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
        <add assembly="System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
        <add assembly="System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
      </assemblies>
      <expressionBuilders>
        <add expressionPrefix="LinqLength" type="BlogEngine.Core.Compilation.LinqLengthExpressionBuilder, BlogEngine.Core"/>
        <add expressionPrefix="Reflect" type="BlogEngine.Core.Compilation.ReflectExpressionBuilder, BlogEngine.Core"/>
        <add expressionPrefix="Session" type="BlogEngine.Core.Compilation.SessionExpressionBuilder, BlogEngine.Core"/>
        <add expressionPrefix="Server" type="BlogEngine.Core.Compilation.ServerVariableExpressionBuilder, BlogEngine.Core"/>
        <add expressionPrefix="QueryString" type="BlogEngine.Core.Compilation.QueryStringExpressionBuilder, BlogEngine.Core"/>
        <add expressionPrefix="Code" type="BlogEngine.Core.Compilation.CodeExpressionBuilder, BlogEngine.Core"/>
      </expressionBuilders>
    </compilation>
		<globalization requestEncoding="utf-8" responseEncoding="utf-8" culture="auto" uiCulture="auto"/>
		<httpRuntime enableVersionHeader="false" useFullyQualifiedRedirectUrl="true" maxRequestLength="16384" executionTimeout="3600" requestLengthDiskThreshold="16384" requestValidationMode="2.0"/>
		<machineKey validationKey="D9F7287EFDE8DF4CAFF79011D5308643D8F62AE10CDF30DAB640B7399BF6C57B0269D60A23FBCCC736FC2487ED695512BA95044DE4C58DC02C2BA0C4A266454C" decryptionKey="BDAAF7E00B69BA47B37EEAC328929A06A6647D4C89FED3A7D5C52B12B23680F4" validation="SHA1" decryption="AES"/>
		<authentication mode="Forms">
			<forms timeout="129600" name=".AUXBLOGENGINE" protection="All" slidingExpiration="true" loginUrl="~/Account/login.aspx" cookieless="UseCookies"/>
		</authentication>
		<pages enableSessionState="false" enableViewStateMac="true" enableEventValidation="true" controlRenderingCompatibilityVersion="3.5" clientIDMode="AutoID">
			<controls>
				<add namespace="App_Code.Controls" tagPrefix="blog"/>
			</controls>
		</pages>
		<customErrors mode="RemoteOnly" defaultRedirect="~/error.aspx" redirectMode="ResponseRewrite">
			<error statusCode="404" redirect="~/error404.aspx"/>
		</customErrors>
		<membership defaultProvider="XmlMembershipProvider">
			<providers>
				<clear/>
				<add name="XmlMembershipProvider" type="BlogEngine.Core.Providers.XmlMembershipProvider, BlogEngine.Core" description="XML membership provider" passwordFormat="Hashed"/>
				<add name="SqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="BlogEngine" applicationName="BlogEngine"/>
				<add name="DbMembershipProvider" type="BlogEngine.Core.Providers.DbMembershipProvider, BlogEngine.Core" passwordFormat="Hashed" connectionStringName="BlogEngine"/>
			</providers>
		</membership>
		<roleManager defaultProvider="XmlRoleProvider" enabled="true" cacheRolesInCookie="true" cookieName=".BLOGENGINEROLES">
			<providers>
				<clear/>
				<add name="XmlRoleProvider" type="BlogEngine.Core.Providers.XmlRoleProvider, BlogEngine.Core" description="XML role provider"/>
				<add name="SqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="BlogEngine" applicationName="BlogEngine"/>
				<add name="DbRoleProvider" type="BlogEngine.Core.Providers.DbRoleProvider, BlogEngine.Core" connectionStringName="BlogEngine"/>
			</providers>
		</roleManager>
		<siteMap defaultProvider="PageSiteMap" enabled="true">
			<providers>
				<add name="PageSiteMap" description="The site map provider that reads in the .sitemap XML files." type="BlogEngine.Core.Web.Controls.PageSiteMap, BlogEngine.Core"/>
				<add name="SecuritySiteMap" description="Used for authenticated users." type="System.Web.XmlSiteMapProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" securityTrimmingEnabled="true" siteMapFile="Web.sitemap"/>
			</providers>
		</siteMap>
		<httpModules>
			<add name="WwwSubDomainModule" type="BlogEngine.Core.Web.HttpModules.WwwSubDomainModule, BlogEngine.Core"/>
			<add name="UrlRewrite" type="BlogEngine.Core.Web.HttpModules.UrlRewrite, BlogEngine.Core"/>
			<add name="CompressionModule" type="BlogEngine.Core.Web.HttpModules.CompressionModule, BlogEngine.Core"/>
			<add name="ReferrerModule" type="BlogEngine.Core.Web.HttpModules.ReferrerModule, BlogEngine.Core"/>
			<!--Remove the default ASP.NET modules we don't need-->
			<remove name="PassportAuthentication"/>
			<remove name="Profile"/>
			<remove name="AnonymousIdentification"/>
		</httpModules>
		<httpHandlers>
			<add verb="*" path="file.axd" type="BlogEngine.Core.Web.HttpHandlers.FileHandler, BlogEngine.Core" validate="false"/>
			<add verb="*" path="image.axd" type="BlogEngine.Core.Web.HttpHandlers.ImageHandler, BlogEngine.Core" validate="false"/>
			<add verb="*" path="syndication.axd" type="BlogEngine.Core.Web.HttpHandlers.SyndicationHandler, BlogEngine.Core" validate="false"/>
			<add verb="*" path="sitemap.axd" type="BlogEngine.Core.Web.HttpHandlers.SiteMap, BlogEngine.Core" validate="false"/>
			<add verb="*" path="trackback.axd" type="BlogEngine.Core.Web.HttpHandlers.TrackbackHandler, BlogEngine.Core" validate="false"/>
			<add verb="*" path="pingback.axd" type="BlogEngine.Core.Web.HttpHandlers.PingbackHandler, BlogEngine.Core" validate="false"/>
			<add verb="*" path="opensearch.axd" type="BlogEngine.Core.Web.HttpHandlers.OpenSearchHandler, BlogEngine.Core" validate="false"/>
			<add verb="*" path="metaweblog.axd" type="BlogEngine.Core.API.MetaWeblog.MetaWeblogHandler, BlogEngine.Core" validate="false"/>
			<add verb="*" path="rsd.axd" type="BlogEngine.Core.Web.HttpHandlers.RsdHandler, BlogEngine.Core" validate="false"/>
			<add verb="*" path="css.axd" type="BlogEngine.Core.Web.HttpHandlers.CssHandler, BlogEngine.Core" validate="false"/>
			<add verb="*" path="js.axd" type="BlogEngine.Core.Web.HttpHandlers.JavaScriptHandler, BlogEngine.Core" validate="false"/>
			<add verb="*" path="res.axd" type="BlogEngine.Core.Web.HttpHandlers.ResourceHandler, BlogEngine.Core" validate="false"/>
			<add verb="*" path="rating.axd" type="BlogEngine.Core.Web.HttpHandlers.RatingHandler, BlogEngine.Core" validate="false"/>
			<add verb="*" path="opml.axd" type="BlogEngine.Core.Web.HttpHandlers.OpmlHandler, BlogEngine.Core" validate="false"/>
			<add verb="*" path="blogml.axd" type="BlogEngine.Core.Web.HttpHandlers.BlogMLExportHandler, BlogEngine.Core" validate="false"/>
			<add verb="*" path="sioc.axd" type="BlogEngine.Core.Web.HttpHandlers.Sioc, BlogEngine.Core" validate="false"/>
			<add verb="*" path="apml.axd" type="BlogEngine.Core.Web.HttpHandlers.Apml, BlogEngine.Core" validate="false"/>
			<add verb="*" path="foaf*.axd" type="BlogEngine.Core.Web.HttpHandlers.Foaf, BlogEngine.Core" validate="false"/>
			<add verb="*" path="*.htm" type="System.Web.StaticFileHandler"/>
		</httpHandlers>
	</system.web>
	<system.webServer>
		<validation validateIntegratedModeConfiguration="false"/>
		<!-- Enable the staticContent section below to add Expires headers to images for better performance.
				 Some hosting providers does not allow the staticContent section to be set. -->
		<!--
		<staticContent>
			<clientCache httpExpires="Sun, 29 Mar 2020 00:00:00 GMT" cacheControlMode="UseExpires" />
			<mimeMap fileExtension=".mp4" mimeType="video/mp4" />
		</staticContent>
		-->
		<modules>
			<add name="WwwSubDomainModule" type="BlogEngine.Core.Web.HttpModules.WwwSubDomainModule, BlogEngine.Core"/>
			<add name="UrlRewrite" type="BlogEngine.Core.Web.HttpModules.UrlRewrite, BlogEngine.Core"/>
			<add name="CompressionModule" type="BlogEngine.Core.Web.HttpModules.CompressionModule, BlogEngine.Core"/>
			<add name="ReferrerModule" type="BlogEngine.Core.Web.HttpModules.ReferrerModule, BlogEngine.Core"/>
		</modules>
		<handlers accessPolicy="Read, Write, Script, Execute">
			<add name="FileHandler" verb="*" path="file.axd" type="BlogEngine.Core.Web.HttpHandlers.FileHandler, BlogEngine.Core" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode"/>
			<add name="ImageHandler" verb="*" path="image.axd" type="BlogEngine.Core.Web.HttpHandlers.ImageHandler, BlogEngine.Core" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode"/>
			<add name="Syndication" verb="*" path="syndication.axd" type="BlogEngine.Core.Web.HttpHandlers.SyndicationHandler, BlogEngine.Core" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode"/>
			<add name="Sitemap" verb="*" path="sitemap.axd" type="BlogEngine.Core.Web.HttpHandlers.SiteMap, BlogEngine.Core" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode"/>
			<add name="Trackback" verb="*" path="trackback.axd" type="BlogEngine.Core.Web.HttpHandlers.TrackbackHandler, BlogEngine.Core" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode"/>
			<add name="Pingback" verb="*" path="pingback.axd" type="BlogEngine.Core.Web.HttpHandlers.PingbackHandler, BlogEngine.Core" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode"/>
			<add name="OpenSearch" verb="*" path="opensearch.axd" type="BlogEngine.Core.Web.HttpHandlers.OpenSearchHandler, BlogEngine.Core" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode"/>
			<add name="MetaWeblog" verb="*" path="metaweblog.axd" type="BlogEngine.Core.API.MetaWeblog.MetaWeblogHandler, BlogEngine.Core" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode"/>
			<add name="RSD" verb="*" path="rsd.axd" type="BlogEngine.Core.Web.HttpHandlers.RsdHandler, BlogEngine.Core" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode"/>
			<add name="CssHandler" verb="*" path="css.axd" type="BlogEngine.Core.Web.HttpHandlers.CssHandler, BlogEngine.Core" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode"/>
			<add name="Javascript" path="js.axd" verb="*" type="BlogEngine.Core.Web.HttpHandlers.JavaScriptHandler, BlogEngine.Core" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode"/>
			<add name="Resource" verb="*" path="res.axd" type="BlogEngine.Core.Web.HttpHandlers.ResourceHandler, BlogEngine.Core" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode"/>
			<add name="Rating" verb="*" path="rating.axd" type="BlogEngine.Core.Web.HttpHandlers.RatingHandler, BlogEngine.Core" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode"/>
			<add name="Opml" verb="*" path="opml.axd" type="BlogEngine.Core.Web.HttpHandlers.OpmlHandler, BlogEngine.Core" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode"/>
			<add name="BlogML" verb="*" path="blogml.axd" type="BlogEngine.Core.Web.HttpHandlers.BlogMLExportHandler, BlogEngine.Core" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode"/>
			<add name="SIOC" verb="*" path="sioc.axd" type="BlogEngine.Core.Web.HttpHandlers.Sioc, BlogEngine.Core" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode"/>
			<add name="Apml" verb="*" path="apml.axd" type="BlogEngine.Core.Web.HttpHandlers.Apml, BlogEngine.Core" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode"/>
			<add name="Foaf" verb="*" path="foaf*.axd" type="BlogEngine.Core.Web.HttpHandlers.Foaf, BlogEngine.Core" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode"/>
			<add name="Html" path="*.htm" verb="*" type="System.Web.StaticFileHandler" resourceType="Unspecified" preCondition="integratedMode"/>
		</handlers>
		<!-- Enable the httpProtocol section below to manipulate some HTTP headers.
				 Some hosting providers does not allow the httpProtocol section to be set. -->
		<!--
		<httpProtocol>
			<customHeaders>
				<remove name="X-Powered-By" />
				<add name="Etag" value=" " />
			</customHeaders>
		</httpProtocol>
		-->
	</system.webServer>
</configuration>

Coordinator
Dec 15, 2010 at 4:27 AM

The good thing is that you now have the right .NET 4.0 web.config file :)

First, you're sure that the website / application pool is a .NET 4.0 application pool?

I would change the <customErrors> tag in the web.config file so the mode is "Off" (case sensitive).

<customErrors mode="Off" defaultRedirect="~/error.aspx" redirectMode="ResponseRewrite">

And then try pulling up the site.  Are you getting an error message after making the above change?  If so, if you could post it here, that will be helpful.

Dec 15, 2010 at 12:30 PM
Edited Dec 15, 2010 at 12:32 PM

Ok, the site comes up ok this time, not sure why, as I had the application pool set correctly.  However the same error message appears in a window the size of the edit textbox.  This is the message I get when trying to edit a textbox.

 

(widget$txtText="<p><span style="font...").

Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. To allow pages to override application request validation settings, set the requestValidationMode attribute in the httpRuntime configuration section to requestValidationMode="2.0". Example: <httpRuntime requestValidationMode="2.0" />. After setting this value, you can then disable request validation by setting validateRequest="false" in the Page directive or in the <pages> configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case. For more information, see http://go.microsoft.com/fwlink/?LinkId=153133. 

Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (widget$txtText="<p><span style="font...").

Source Error: 

 

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.


Stack Trace: 

[HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (widget$txtText="<p><span style="font...").]
   System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection) +8734868
   System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, RequestValidationSource requestCollection) +122
   System.Web.HttpRequest.get_Form() +114
   System.Web.HttpRequest.get_Item(String key) +40
   BlogEngine.Core.Web.HttpModules.CompressionModule.ContextPostReleaseRequestState(Object sender, EventArgs e) in E:\Projects\BlogEngine-HG-7\BlogEngine\DotNetSlave.BusinessLogic\Web\HttpModules\CompressionModule.cs:127
   System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +148
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +75



Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.1

edit:

Maybe I should also mention that when I upgraded this site to RC 2.0 I just published everything from 2.0 except the App Data and Themes folder right over the top of the existing files.

 

 

Coordinator
Dec 15, 2010 at 6:52 PM

Yes, obviously you are using .NET 4.0 since it says that at the bottom of the error message -- so that part is settled.

The way you published sounds okay.

The error message you had from before, and in your latest message says:

To allow pages to override application request validation settings, set the requestValidationMode attribute in the httpRuntime configuration section to requestValidationMode="2.0".

This is telling us that you can avoid the error message by setting the requestValidationMode="2.0" in the <httpRuntime> tag in the web.config file.

So I don't mean to go in circles :)  but can you double check your web.config file and make sure requestValidationMode="2.0" is in the <httpRuntime> tag.  The latest web.config file you posted here had that, but just want to make sure that that web.config file and requestValidationMode="2.0" attribute actually exists in your web.config file.

At this point, this is the only thing that is coming to mind... I might think of something else.

Dec 15, 2010 at 7:17 PM

Well I can't explain how it happened as I was sure that I published the web.config above but after checking the requestvalidation mode was not there so I added it and everything is well again, thank you Ben.