6

So I have one endpoint on my ASP.NET Web API project that needs to accept special characters (such as %, <, >) to validate the uniqueness of a name within the system. So for the following route:

[Route("~/api/case/{name}/infosys/{system}")]

... {name} may contain a special character. For this endpoint only is there a way that I can tell Web API to allow special characters and not give this error:

HttpException (0x80004005): A potentially dangerous Request.Path value was detected from the client (%).

Note: This is a Web API project so the [ValidateInput(false)] and [AllowHtmlAttribute] decorators are not available. Also, I don't want to loosen this restriction on any other endpoint by modifying my Web.config:

No
<httpRuntime requestValidationMode="2.0" />

...

No
<pages validateRequest="false">

...

No
<httpRuntime requestPathInvalidCharacters="&lt;,&gt;,%,&amp;,:,\,?" />
Oliver Spryn
  • 16,871
  • 33
  • 101
  • 195
  • AllowHtmlAttribute maybe? – James R. Apr 07 '16 at 19:54
  • @JamesR. Well, I'm not necessarily allowing just HTML for this route, and `AllowHtmlAttribute` is not available in Web API. – Oliver Spryn Apr 07 '16 at 19:56
  • oh well. Sorry, was just taking a shot in the dark... – James R. Apr 07 '16 at 19:59
  • @OliverSpryn: Did you find a solution meeting your requirements? I too do not want to update web.config and want to have action (or controller) specific. Could you please tell me how you solved this issue? – sam Dec 16 '16 at 03:11

1 Answers1

5

I tested this piece of code and it works:

httpRuntime targetFramework="4.5.1" requestPathInvalidCharacters="&lt;,&gt;,*,%,&amp;,\,?"
Kurt Van den Branden
  • 11,995
  • 10
  • 76
  • 85
enraged
  • 391
  • 4
  • 7