Can't pass in "%26" to a WebGet UriTemplate variable in a WCF service?

Question

I have a WCF service with this declared operation:

[WebGet(UriTemplate = "Test/{*testString}")]
public String Test(String testString)
{
    return testString;
}

However when attempting to invoke the URL Test/You%26Me, IIS returns an error:

A potentially dangerous Request.Path value was detected from the client (&).

My goal is to allow an ampersand in the URI via its URL-Encoding: %26

The wildcard did not help. Is there any way to prevent this error without disabling security features?

score 4 · Accepted Answer · answered Jun 23 '10 at 15:54

4

Try using RequestPathInvalidCharacters configuration property in Web.config avoiding used characters as follows:

<system.web>
   <httpRuntime requestPathInvalidCharacters="<,>,*,:,\\" />
</system.web>

answered Jun 23 '10 at 15:54

Artem Koshelev

I forgot to specify that I'm not using .NET 4.0 yet -- is there a similar option for .NET 3.5? – JoeGaggler Jun 23 '10 at 16:38
I'm afraid the only option in 3.5 is to implement custom RequestValidator: http://msdn.microsoft.com/en-us/library/system.web.util.requestvalidator.aspx – Artem Koshelev Jun 23 '10 at 17:13

1 Answers1