Can the following Microsoft document help?
Replicating ASP.NET Request Validation Behavior in .NET 8 for Automatic Input Validation ?
In our current ASP.NET Framework 4.7.2 application, we utilize request validation to automatically check for potentially malicious input by setting requestValidationMode to 4.0 in the web.config file. This ensures that requests are validated for dangerous content whenever any request properties (like Request.Form, Request.QueryString, etc.) are accessed, offering built-in protection against XSS and other attacks.
However, in .NET 8, the requestValidationMode feature is no longer available, and we need to implement a similar validation mechanism manually using middleware or action filters. The challenge is that our current manual implementations don't provide the same automatic behavior—where validation happens each time, we access request properties.
Is there a recommended approach to replicate this exact behavior in .NET 8, where validation automatically occurs upon accessing request data (similar to how it worked in ASP.NET Framework)? How can we implement this in .NET 8 to ensure the same level of security and robustness as before?