Article ID: 887289 - View products that this article applies to.
To aid customers in protecting their ASP.NET applications, Microsoft has made available an HTTP module that implements canonicalization best practices. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
887459For additional information about how to determine the version of ASP.NET, click the following article number to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/887459/ )Programmatically check for canonicalization issues with ASP.NET
(http://support.microsoft.com/kb/318785/ )Determine whether service packs are installed on the .NET Framework
When a Web server receives a URL, the server maps the request to a file system path that determines the response. The canonicalization routine that is used to map the request must correctly parse the URL to avoid serving or processing unexpected content. Unhandled canonicalization issues can lead to unexpected results. For more information about canonicalization, visit the following Microsoft Web site:
Microsoft.Web.ValidatePathModule.dll - HTTP module
Download informationThe following file is available for download from the Microsoft Download Center:
Download the VPModule.msi package now.
Collapse this imageExpand this image
Release Date: October 7, 2004
For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.
(http://support.microsoft.com/kb/119591/ )How to obtain Microsoft support files from online services
PrerequisitesThe VPModule.msi file is designed for the 32-bit Microsoft .NET Framework.
Before you install the VPModule.msi file, back up all the instances of the Machine.config file on your computer. To create a backup copy of the Machine.config file, follow these steps:
Installation informationMicrosoft has released an installation package that is named VPModule.msi. The VPModule.msi file installs the Microsoft.Web.ValidatePathModule.dll file on your system. The installation updates the Machine.config file or files with a new HTTP module entry on all installed versions of .NET Framework.
To use the installation package, download the VPModule.msi file, double-click the package to begin installation, and then follow the installation instructions.
What the VPModule.msi does
The installer first extracts a file that is named Microsoft.Web.ValidatePathModule.dll. The installer then updates all the Machine.config files that exist on the system so that the files have an entry that looks like the following:
The installer then adds the Microsoft.Web.ValidatePathModule.dll file to the Global Assembly Cache (GAC).
For developers who want to understand what the Microsoft.Web.ValidatePathModule.dll file does programmatically, the source code is available below:
For information about command-line switches that you can use to install the module, visit the following Microsoft Web site:
Installation verification informationWhen the module is installed correctly, the following registry key exists:
Note This registry key does not exist on the system if you manually install the HTTP module as described in the "Custom installation information" section. The /a option only extracts files. It does not update the registry.
Removal informationTo remove these changes, run the VPModule.msi file and select the Remove option. Alternatively, use Add/Remove Programs in Control Panel.
Unattended informationUse the following command to install these changes in unattended mode:
msiexec /i vpmodule.msi /qb-Use the following command to remove these changes in unattended mode:
msiexec /x vpmodule.msi /qb-
Custom installation informationTo manually install the HTTP module, follow these steps:
Known issuesThe following are known issues:
For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
887405For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/887405/ )How to use Windows Installer and Group Policy to deploy the VPModule.msi in an Active Directory domain
887404For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/887404/ )How to use Systems Management Server 2003 to deploy the ValidatePath module
887290For more information about session states, visit the following Microsoft Web site:
(http://support.microsoft.com/kb/887290/ )How to use the ASP.NET ValidatePath Module Scanner (VPModuleScanner.js)
Article ID: 887289 - Last Review: December 3, 2007 - Revision: 3.9
Contact us for more help
Connect with Answer Desk for expert help.