Greetings,
I have just updated one of our development portals from 10.3.1 to 10.4. The portal comes up OK, but when trying to switch between top menu items, the following error is thrown in Internet Explorer 11:
A potentially dangerous Request.Path value was detected from the client (:).
We are running our portal (and IIS-based web adaptor) on Windows Server 2012 R2. Some research indicated that ESRI moved to .NET 4.x at this release, which has more secure request validation in ASP.NET.
The good news is that this error only affects IE configurations that have Compatibility View enabled. The bad news is that many organizations (including ours) have this turned on by default for intranet applications needing earlier versions of IE. I have logged an ESRI case on this, but if anyone experiences this error, turning Compatibility View off is the workaround.
Sorry for the delay in response. Juggling too many objects right now. I have
no control of our internet explorer policy as I work on a Federal network for
the Army. They specify the appropriate version...
For compatibility settings, no websites are in the compatibility list and
Display intranet sites in compatibility view is unchecked by security policy.
For portal security settings, I have tried all possible combinations of HTTPS
only and allow anonymous access. Currently don't have the https only checked
and allow anonymous is checked.
ArcGIS rest services can be accessed either by http or https.
I have one everything from SQL server express to portal on the same virtual
machine.
I have one web adaptor configured for ArcGIS Server and another for Portal
A Self signed certificate is being used.
Thanks,
Joe
Joseph N. Tack PhD, PE, GISP
GIMS Administrator
Ohio Army National Guard
Directorate of Installations Management
2825 W. Dublin Granville Road
Columbus, Ohio 43235
P: 614-336-7089
F: 614-336-7154
We're working around this by updating the web.config as:
<system.webServer>
<httpProtocol>
<customHeaders>
<clear />
<add name="X-UA-Compatible" value="IE=11" />
</customHeaders>
</httpProtocol>
Still not getting this to work. perhaps you can supply the full config file with this code in it.
The web.config file is found here: C:\inetpub\wwwroot\<webadaper>
Find this section (in our file it starts at line 250):
<!--
The system.webServer section is required for running ASP.NET AJAX under Internet
Information Services 7.0. It is not necessary for previous version of IIS.
-->
<system.webServer>
Add the code provided by Randall.
still not working. this is fine on the server running the web adaptor. our folks here think security on local intranet settings also play a factor.
let me define 'not working'. yes the double url no longer appears from address , but the page also disappears. i have to refresh 3 times to MAYBE see the full page.
we left the compatibility view on, and tried to change the local intranet settings. same result. the address not doubled but page not displaying properly.
UPDATE ISSUE WAS AN ADD-ON
I have a particular add on that once disabled, resolved the disappearing act. I reset my IE to orginal settings and everything worked. so i went to another machine which had my personal settings and noticed an add-on
Thanks Randall. I have tried this edit in web.config on the dev portal and restarted IIS. On the few IE 11 client PCs tested so far, the error no longer displays with compatibility mode on. Will post an update later when more are tested.