I have implemented custom ActionFilterAttribute to create custom web access log and OnActionExecuted I try to access ActionExecutedContext.HttpContext.Request.Formcollection using Request.Form.GetValues("key") i get this error:
A potentially dangerous Request.Form value was detected from the client (Aplications[0].Name="...."
because in my submitted form inputs contains HTML code.
I don't want to disable some .net MVC integrated security using validateRequest="false" and also I can't set to all my input or actions [AllowHtml] or ValidateInput(false) because my action filter catch all my controllers.
I found a hack solution but is no other option?
using (var reader = new StreamReader(request.InputStream))
{
var content = reader.ReadToEnd();
var inputsNameValueCollection = HttpUtility.UrlDecode(content).Split('&');
foreach (string input in inputsNameValueCollection)
{
var inputNameValue = input.Split('=');
var inputName = nameValue[0];
var inputValue = nameValue[1];
}
}