0

We are trying to handle '*'(asterisk) in the querystring for search operation and getting the below error. we have tried using the requesstPathInvalidChacters in webconfig and [FromUri] in Routes, but no luck. The call is not even reaching the controller block

sample request Url: http://localhost:8080/test/search/ABCD*12*234

   <httpRuntime targetFramework="4.5.2" maxRequestLength="2097152" requestPathInvalidCharacters="&lt;,&gt;,%,&amp;,:,\,?,*" />

Exception:

<!DOCTYPE html>
<html>
    <head>
        <title>A potentially dangerous Request.Path value was detected from the client (*).</title>
        <meta name="viewport" content="width=device-width" />

    <body bgcolor="white">

            <span><H1>Server Error in '/' Application.<hr width=100% size=1 color=silver></H1>

            <h2> <i>A potentially dangerous Request.Path value was detected from the client (*).</i> </h2></span>

            <font face="Arial, Helvetica, Geneva, SunSans-Regular, sans-serif ">

            <b> Description: </b>An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

            <br><br>

            <b> Exception Details: </b>System.Web.HttpException: A potentially dangerous Request.Path value was detected from the client (*).<br><br>

            <b>Source Error:</b> <br><br>

            <table width=100% bgcolor="#ffffcc">
               <tr>
                  <td>
                      <code>

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.</code>

                  </td>
               </tr>
            </table>

            <br>

            <b>Stack Trace:</b> <br><br>

            <table width=100% bgcolor="#ffffcc">
               <tr>
                  <td>
                      <code><pre>

[HttpException (0x80004005): A potentially dangerous Request.Path value was detected from the client (*).]
   System.Web.HttpRequest.ValidateInputIfRequiredByConfig() +9859608
   System.Web.PipelineStepManager.ValidateHelper(HttpContext context) +53
</pre></code>
user287
  • 13
  • 5
  • Possible duplicate of [A potentially dangerous Request.Path value was detected from the client (\*)](https://stackoverflow.com/questions/5967103/a-potentially-dangerous-request-path-value-was-detected-from-the-client) – Alex K. Feb 21 '18 at 16:44
  • I did tried with the options provided in that link, but didn't work for me – user287 Feb 21 '18 at 16:54

1 Answers1

0

I just tried it in ASP .NET Core 2.0 Web API project and it worked for me with out any issues. But please refer to this for a potential fix.

Below code worked for me in .Net Core 2:

[Route("test/search/{id}")]
[HttpGet()]
public string Test(string id)
{
    return id;
}

URL: http://localhost:56403/api/values/test/search/ABCD*12*234

Result: ABCD*12*234

Aleks Andreev
  • 7,016
  • 8
  • 29
  • 37
Kiran Rani
  • 154
  • 1
  • 9
  • thank you Kiran and Alex.. Its working after removing targetFramework="4.5.2" section in httpRuntime.I am not sure what is the cause here. I have replaced it with below: – user287 Feb 21 '18 at 19:09