C# .NET - Erro sending HTML mail - Asked By Dom Afonso on 04-Sep-12 09:07 AM

I am having an error while tring to send HTML mail. The error looks like below. The e-mails and password are fictitious. I use real ones in my asp.net application. The html that is contained in htmlTextBox.Text property is: 
<html><body>Test html e-mail</body></html>

 
protected void sendHTMLMail()
    {
        var smtpClient = new SmtpClient();
        var message = new MailMessage();
        smtpClient.Host = "smtp.live.com";
        smtpClient.Port = 25;
        message.From = new MailAddress("myhotmailmail@hotmail.com", "mypassword");
        message.To.Add(new MailAddress("myyahoomail@yahoo.com.br"));
        message.Subject = "HTML";
        message.IsBodyHtml = true;
        message.Body = htmlTextBox.Text;
        smtpClient.Timeout = 15000;
        smtpClient.EnableSsl = false;
        smtpClient.Send(message);
    }
The error a get when I run the code is below:

 potentially dangerous Request.Form value was detected from the client (ctl00$MainContent$htmlTextBox="<html><body>Test htm...").

Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. To allow pages to override application request validation settings, set the requestValidationMode attribute in the httpRuntime configuration section to requestValidationMode="2.0". Example: <httpRuntime requestValidationMode="2.0" />. After setting this value, you can then disable request validation by setting validateRequest="false" in the Page directive or in the <pages> configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case. For more information, see http://go.microsoft.com/fwlink/?LinkId=153133. 

Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (ctl00$MainContent$htmlTextBox="<html><body>Test htm...").

Source Error: 

[No relevant source lines]

Source File: c:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\website3\a307838f\3c9d09e4\App_Web_trpg3bzd.2.cs    Line: 

Stack Trace: 

[HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (ctl00$MainContent$htmlTextBox="<html><body>Test htm...").]
   System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection) +8860756
   System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, RequestValidationSource requestCollection) +122
   System.Web.HttpRequest.get_Form() +150
   System.Web.HttpRequest.get_HasForm() +9036751
   System.Web.UI.Page.GetCollectionBasedOnMethod(Boolean dontReturnNull) +97
   System.Web.UI.Page.DeterminePostBackMode() +69
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +8431
   System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +253
   System.Web.UI.Page.ProcessRequest() +78
   System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) +21
   System.Web.UI.Page.ProcessRequest(HttpContext context) +49
   ASP.default_aspx.ProcessRequest(HttpContext context) in c:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\website3\a307838f\3c9d09e4\App_Web_trpg3bzd.2.cs:0
   System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +100
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +75
Robbe Morris replied to Dom Afonso on 04-Sep-12 10:43 AM
The error message tells you what to do.  Add ValidateRequest="false" to your "Page" tag at the top of your aspx page.
Rohan Dave replied to Dom Afonso on 04-Sep-12 11:21 AM
try to set "ValidateRequest = false" in page directive.

Or

Go to the web.config file and find <httpRuntime> and set  <httpRuntime requestValidationMode="2.0">