I ran into this issue this week when logging in to Remote Desktop Web Access. As soon as I entered my password and logged in, I got an Error 500 page:
Server Error in ‘/RDWeb/Pages’ Application.
Description: An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine.
Details: To enable the details of this specific error message to be viewable on remote machines, please create a <customErrors> tag within a “web.config” configuration file located in the root directory of the current web application. This <customErrors> tag should then have its “mode” attribute set to “Off”.
When accessing the login page on the server itself, I got a more detailed error:
Here’s the text from the error message:
Server Error in '/RDWeb/Pages' Application.
<br>A potentially dangerous Request.Form value was detected from the client (UserPass="…05yIXfjPCk<SY1JeHWc"). <br>
ASP.NET has detected data in the request that is potentially dangerous because it might include HTML markup or script. The data might represent an attempt to compromise the security of your application, such as a cross-site scripting attack. If this type of input is appropriate in your application, you can include code in a web page to explicitly allow it. For more information, see http://go.microsoft.com/fwlink/?LinkID=212874.
System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (UserPass="…05yIXfjPCk<SY1JeHWc").
<br>An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below. <br>
<br>[HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (UserPass="…05yIXfjPCk<SY1JeHWc").]<br>System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection) +12393914<br> System.Web.HttpRequest.ValidateHttpValueCollection(HttpValueCollection collection, RequestValidationSource requestCollection) +203<br> Microsoft.TerminalServices.Publishing.Portal.FormAuthentication.TSFormsAuthentication.ExtractInfoFromForm(HttpContext objHttpContext) +105<br> Microsoft.TerminalServices.Publishing.Portal.FormAuthentication.TSFormsAuthentication.OnAuthenticateRequest(Object source, EventArgs e) +890<br> System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +92<br>System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +165
The issue is caused by a special character in the user’s password, such as ‘<‘ or ‘>‘ and seems to be a security feature of ASP.NET.
Changing my password to something not containing the special characters mentioned above, fixed the issue.