8

I have a controller in an MVC 4 .NET application that receives a string as a parameter from an URL. This comes from an aspx page redirected to the controller in Route.config.

If I send this value for the parameter in the client: fwdgerhb+bhrth+ftrgbhrt

I get the following value at the server: fwdgerhb bhrth ftrgbhrt

The server is interpreting the URL parameter value as an encoded URL and replaces + by . But it has not been URL encoded. This will occur for other combinations of special chars if they appear in the parameter value.

Is there a config parameter in IIS Server to configure the server to not try to URL-decode this value?

Example Request:

mypage.aspx?value=cat+dog    (NOT ENCODED)

Route Config

static void RegisterRoutes(RouteCollection routes)
{
    routes.MapRouteLowercase(
        name: "MyRouter",
        url: "mypage.aspx",
        defaults: new { controller = "My", action = "DoLog" }
    );
}

The controller:

public class MyController : Controller
{
    [AllowAnonymous]
    public ActionResult DoLog(string value)
    {
        //Here value has "cat dog"
    }
}
dhalfageme
  • 1,444
  • 4
  • 21
  • 42
  • Your controller is written in VB.Net or C#? Can you post the code please? – bovino Marcelo Bezerra Oct 03 '14 at 14:14
  • Is C#. I posted it, but I think it doesn't matter, it's not a code issue, I have to send the parameter without encode it, so I only need how to make the server know that the URL comes without encoding. – dhalfageme Oct 03 '14 at 14:21
  • What is your requirement? Is it to get the encoded parameter back e.g: `fwdgerhb+bhrth+ftrgbhr` in which case why don't you [UrlEncode](http://msdn.microsoft.com/en-us/library/system.web.httputility.urlencode(v=vs.110).aspx) it yourself? – DGibbs Oct 03 '14 at 14:23
  • Because I'have distributed old code without encoding this value, and the controller has to be compatible with it – dhalfageme Oct 03 '14 at 14:25
  • 1
    @Dani so whats stopping you encoding it when it hits the controller assuming that's what you want to do (you haven't clarified)? – DGibbs Oct 03 '14 at 14:30
  • I'm only investigating if there's an option to indicate MVC that URL are not encoded, I think it is a better way to accomplish it, since it's weird to URL Encode the received URL in the server, I'm only looking for an alternative, if it exists. – dhalfageme Oct 03 '14 at 14:31

2 Answers2

15

You can use the following to grab the query-string manually from the controller:

Request.QueryString.Get("value");

Or, to get it from the view:

Html.ViewContext.HttpContext.Request.QueryString.Get("value");

But honestly, why not just encode the string yourself before you send it through the routing:

HttpUtility.UrlEncode(value);

and then when you get the the value again:

HttpUtility.UrlDecode(value);

So that way you have control of your string

Update

You can also do the following to allow your routeConfig to allow the "+" attribute:

<location path="CustomHttpHandler">
  <system.webServer>
    <security>
      <requestFiltering allowDoubleEscaping="true" />
    </security>
  </system.webServer>
</location>

Here is a question that tells you the ups and downs of turning this on and off: Is Enabling Double Escaping Dangerous?

Community
  • 1
  • 1
Termato
  • 1,556
  • 1
  • 16
  • 33
  • Because I'have distributed old client code without encoding this value, and the controller has to be compatible with it. Going to try your solution. – dhalfageme Oct 03 '14 at 14:50
  • Not, I also get the "+" sign as spaces – dhalfageme Oct 03 '14 at 14:53
  • Than your string is still not being encoded before being put into the URL. When I try to send in the string **1+2** using `HttpUtility.UrlEncode("1+2");` I get **1%252b2** which then turns back into **1+2** when I do `HttpUtility.UrlDecode("1%252b2");`. Is there no way you can modify what values coming in? – Termato Oct 03 '14 at 14:58
  • It's not only the "+", it's any character, the value is an encrypted string – dhalfageme Oct 03 '14 at 15:27
10

Yes, MVC automatically URL decodes action parameters, but you can still access the URL encoded version through a query string. As you can see in this question: Is MVC2 ASP.Net URLDecoding automatically?

You can also try to access a server variable named UNENCODED_URL. More information about this scenario can be found here: URL Rewrite Module Configuration Reference

Community
  • 1
  • 1
bovino Marcelo Bezerra
  • 2,042
  • 16
  • 28
  • There's a config parameter to avoid this behavior or I have to URL encode it again in the controller to obtain the correct value? – dhalfageme Oct 03 '14 at 14:27
  • I don´t know about the existence of any config parameter to avoid this. And you cal also use var unicornName = requestQuery["value"]; with needing to urlEncode it again – bovino Marcelo Bezerra Oct 03 '14 at 14:36
  • I tried now to URL Encoding it on server, but the encoding done is diferent to the URL Decoding done by the MVC framework. For example. If I receive the string "/" it remains as "/" when MVC decodes it, but URL-Encoding it again, I get "%2f", so it's not valid... – dhalfageme Oct 03 '14 at 14:41
  • have you tried string valueStr= Request.QueryString["value"] ; ? – bovino Marcelo Bezerra Oct 03 '14 at 14:43
  • Yes, this gives me the same value has the parameter I receive – dhalfageme Oct 03 '14 at 14:49
  • 2
    You probalbly dont the need this but..... you can also try to acess a server variable named UNENCODED_URL. More information about this scenario can be found here: http://www.iis.net/learn/extensions/url-rewrite-module/url-rewrite-module-configuration-reference#Preserving%5FOriginal%5FURL – bovino Marcelo Bezerra Oct 03 '14 at 14:53
  • another possible solution is using the RawUrl as follows var Url = HttpContext.Request.RawUrl; and then parse that string – bovino Marcelo Bezerra Oct 03 '14 at 15:00
  • 2
    Yes, readingn UNENCODED_URL I can get the correct value, many thanks – dhalfageme Oct 03 '14 at 15:18