Why does %2b break asp.net mvc routing?

Question

Sorry if this has been asked before, but I couldn't find a solution to this problem.

My route is defined as a/{param1}/{param2}/{param3}/{param4}/{param5}.

Everything works when the parameters are simply words, but when any of the parameter look like someword%2bsomeotherword, everything breaks and the route isn't matched. If I remove the %2b, then the route is resolved.

This is the first route registered, so I don't think it's finding a better route first.

Sorry if this is answered somewhere, but I have gone through a bunch of SO answers and other links. Routes in MVC have always eluded me.

Thank you for any help.

Did you see this post: http://stackoverflow.com/questions/9373642/how-to-deal-in-asp-net-mvc3-routes — amrinea, May 19 '17 at 20:48
I have. It causes a "potentially unsafe request" exception. I should have mentioned that this happens on iisexpress as well, not just on iis. — Kolichikov, May 19 '17 at 20:53
use "requestPathInvalidCharacters" maybe Take a look at : http://stackoverflow.com/questions/14009618/how-do-i-enable-special-characters-in-mvc-routing — salah-1, May 19 '17 at 21:07
I'm not sure why it breaks it without creating a sample solution. Could you change your parameters to be querystring values instead? It seems like a lot of parameters to be strung together. — amrinea, May 20 '17 at 00:54

score 0 · Answer 1 · answered Dec 01 '22 at 17:13

The issue is IIS here, not the solution itself / code.

Option 1 :

Mess with config to bypass request validation / allowDoubleEscaping (Asp.Net) You need to be aware for certain risk/vulnabilirities described here: https://stackoverflow.com/a/53621095/4798459

Asp.net :

use web.config directly in solution add this: Credit: https://stackoverflow.com/a/6026291/4798459

<system.web>
    <httpRuntime requestPathInvalidCharacters="" requestValidationMode="2.0" />
    <pages validateRequest="false" />
</system.web>

.netcore :

Since this issues is related to IIS, not your solution. You need to handle a web.config

Create a new web.config on the root of your project.
Right click, properties, set "Copy to Output Directory" to "Copy Always"
When you publish a .net core app, a "basic web.config" file is created. (For iis)
- You need to copy the content of the "basic web.config".
- You can find the auto-generated web.config file:
- Where your app is already published (local server?)
- You can also publish your api temporarly to a random path on your PC, see details here https://docs.devexpress.com/OfficeFileAPI/401445/dotnet-core-support/publish-net-core-application)

The web.config should like so, i added the tag with a a commentt

<configuration>
    <location path="." inheritInChildApplications="false">
        <system.webServer>
            <!-- XML node <security> is added to allow allowDoubleEscaping and add support for + paremeter in a route. Risk:https://stackoverflow.com/a/53621095/4798459 -->
            <security>
                <requestFiltering allowDoubleEscaping="true"></requestFiltering>
            </security>
            <handlers>
                <add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModuleV2" resourceType="Unspecified" />
            </handlers>
            <aspNetCore processPath="dotnet" arguments="[.\SolutionName.Namespace.dll]" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" hostingModel="inprocess" />
        </system.webServer>
    </location>
</configuration>

Make sure that the step 2 is done before publishing your app otherwise it wont work.
Not tested with iisexpress

Option 2

Change pramater type in the api. Intead of being on the route, use a queryString instead

Option 3

Custom solution for request filtetring /routing, which i don't have any example, and seems a bit "over the top".

Option 4, to avoid:

Use an other solution for encoding / decoding special caracter (I have not tried) https://stackoverflow.com/a/55637235/4798459