Using a colon (:) in a url with ASP.NET/IIS

Question

I'm implementing a custom controller in ASP.NET MVC and really want to be able to use a colon in the urls, so that I can identify class/column names and their values, like so:

http://example.com/user:chaiguy

...but apparently ASP.NET or IIS doesn't allow colons in urls. I did some digging and apparently it's considered a security issue, but, I'm using MVC and am handling all url paths manually (just treating them as strings), and not relating them to the file system, so I'm pretty sure this doesn't apply.

I also heard some talk about implementing a custom Http handler or something.

Any thoughts or ideas would be much appreciated.

---

Er.... why? Seriously, why break standards? – Randolpho

...

I suggest, then, that you investigate building a web service. WCF is a nice technology for that, and it hosts well in IIS.

I happen to like urls, and WCF is way too complicated for my purposes. I want it to be url-compatible, like REST, but capable of more than just navigating hierarchies, or doing well laid-out things. The problem I have with /users/chaiguy is that it is interpreting hierarchy where there is none: in my system "user" is a class, it's not a folder. user:chaiguy means the instance of the user class with the value of "chaiguy", and that is a single entity, that has the potential of having child-entities. So for example:

/user:chaiguy/name

...I would like to display the name of that entity. If I did this with your method, it would look like this:

/users/chaiguy/name

The problem is how do you know what's the class and what's the value? It could be interpreted as

/users/chaiguy:name

in my system, and that doesn't make sense. See what I'm getting at? To give a slightly more complicated example, suppose we want to select a child of the user entity out of multiple instances. So a user might have several email addresses. To select one, we might use:

/user:chaiguy/email:me@here.com/

So it is in fact recursive. It's not a file path, it's more like an XPath (or maybe similar to jQuery based on what little I know of it yet). That is, it's more of a dynamically-evaluated query selection than a hardwired file path. It gets evaluated on the server.

Make no mistake, I'm not building a typical web site or even web service here.

Answer 1

Change the requestPathInvalidCharacters attribute of httpRuntime in web.config:

<httpRuntime maxRequestLength="20480" requestValidationMode="2.0" requestPathInvalidCharacters="" maxQueryStringLength="20480" />

and ASP.NET should no longer block colons from your request path.

Answer 2

Answered similar question here: https://stackoverflow.com/a/12037000/134761

It seems that ASP.net does not allow colons before the '?' in an URL, even if it is encoded as %3A.

For example, these won't work:

http://foo.org/api/persons/foo:bar

http://foo.org/api/persons/foo%3abar

But this works:

http://foo.org/api/persons?id=foo%3abar

In all examples, we would expect ASP.NET MVC to pass "foo:bar" as an id argument, properly decoded. I just tested this with MVC4 and it seems to work. It is annoying that it doesn't accept the URL encoding before the question mark though, but I'm sure there is a good reason for it. Probably to keep everything before the question mark a valid URL and any arguments after the question mark.

Answer 3

Try setting HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters\AllowRestrictedChars. This is from http://support.microsoft.com/?id=820129. I don't know whether ASP.NET/MVC does some checking on their own but if it's only http.sys blocking you, this should fix it.

Answer 4

This web.config setting worked for me. It accepts colons (:) in the url.

<httpRuntime targetFramework="4.6.1" requestPathInvalidCharacters=""/>

Answer 5

I suggest you rethink what you want to do. Use pathing to indicate context and hide your class and field names, mapping particular contexts within your URL paths to class names and fields. If you need to indicate a user, for example, build your URL layout like example.com/users/chaiguy rather than example.com/user:chaiguy.

Answer 6

Actually there is WCF REST available, and you can easily get up and running within an hour by using the WCF Starter Kit available here. This takes the power of REST and merges it with the ease of WCF. Also with WCF you can also create your own transport layer if you need to that can intepret URL's in any way you wish. One interesting thing about the starter kit is that it allowed spaces in the Url, which actually caused some headaches for true REST fundi's.

I wasn't keen on looking at it due to WCF, but you really don't need to know that much. The solution creates everything you need, just add the code.

Answer 7

I would suggest using a period. REST, based on HTTP protocol, is an example of building a new use for HTTP that kept to standards and was highly successful. Perhaps you can do that.

AND a '.' is a standard 'class.method' or 'class.attribute' in many langauges.

Now ME, I wanted to use the colon in time URL parameters, and some places are doing it. I still have to see if I can get away with it.

PS, for me, I may use this: http://www.businesscasualblog.com/2009/07/how-to-share-a-link-to-a-specific-timecode-in-youtube-video.html

esentially '--h--m--s'

Answer 8

Is a colon valid in a url? Short answer no.

Long answer, yes if it's in a url fragment.

Example: http://site/gwturl#user:45/comments (note the colon proceeds the hash tag)

Sources

• this answer,
• Is a colon safe for friendly-URL use?
• along with a personal test of just adding : to a url in ASP.NET and getting the YSOD with A potentially dangerous Request.Path value was detected from the client (:)