I have the following ASP.NET Web API on my server side, which is supposed to take either a phone number or an email address as the user login name. It works perfectly fine with an email address, and with a phone number that does not have '+' prefixed to it. When the phone number has a +, this API never gets hit.

Class level routeprefix: [RoutePrefix("api/Account")]

[HttpPost]
[HttpOptions]     
[Route("{UserName}/ResetCode")]
public IHttpActionResult ResetCode([FromUri]string userName, [FromUri]string lan = null)
{
    // Pass the "lan" query-string parameter declared in the signature.
    service.ResetCode(userName, lan);
    return Ok();
}

Fiddler request: with + in phone number:

http://localhost:56771/api/Account/%2B18888888888/ResetCode?lan=en-US

This does not hit my api.

Fiddler request without +:

http://localhost:56771/api/Account/18888888888/ResetCode?lan=en-US

This Url hits the service.

Fiddler request with email:

http://localhost:56771/api/Account/abc%40GMAIL.COM/ResetCode?lan=en-US

This Url hits the service.

What could be the reason that the first URL (listed above) is unable to hit the service?

Thanks for your help.

Kumar

1 Answer

It could be that %2B in the URL is received or understood as +, which then translates to a space.

You can try preventing this by also encoding the % sign, a practice known as double encoding. + then becomes %252B. Let me know if this helps.

Update, to make the answer more complete (with thanks to J.H.):

You also need to make sure that the following setting is present in Web.Config.

<system.webServer>
    <security>
        <requestFiltering allowDoubleEscaping="true" />
    </security>
</system.webServer>

For more info on this, see e.g. this answer

Peter B
  • It did not work either: http://localhost:56776/api/Account/%252B7276669645/RequestResetCode?language=en-US&countryId=9305 – Kumar Apr 30 '18 at 20:28
  • https://stackoverflow.com/a/28228717/2141972 Does that make it work? webconfig - – J.H. Apr 30 '18 at 20:49
  • Thanks J.H., I learned something too! Did some searching, here is a useful answer with more background info: https://stackoverflow.com/a/1453287/1220550 – Peter B Apr 30 '18 at 21:58
  • Thanks Peter and JH ! You guys saved me some time here ! – Kumar Apr 30 '18 at 23:43
  • It looks like the config part is rather essential so I added it into my answer. – Peter B May 01 '18 at 11:51
  • Yeah, I could see that. Without that section added in web config, web api was stubborn to not let through the calls – Kumar May 01 '18 at 14:19
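
An alternative that avoids the path segment altogether, as an added example that is not part of the original answer or the asker's code: the login name travels in the JSON body of the POST, so `allowDoubleEscaping` can stay at its default and the identifier stays out of URL logs. `ResetCodeRequest`, `IAccountService`, the constructor injection and the validation rules are assumptions made for illustration.

```csharp
using System;
using System.Net.Mail;
using System.Text.RegularExpressions;
using System.Web.Http;

// Hypothetical request type and service interface, introduced for this example.
public class ResetCodeRequest
{
    public string UserName { get; set; }  // e-mail address or phone number, e.g. "+18888888888"
    public string Lan { get; set; }       // optional language tag, e.g. "en-US"
}

public interface IAccountService { void ResetCode(string userName, string language); }

[RoutePrefix("api/Account")]
public class AccountController : ApiController
{
    // Digits with an optional leading '+', 2 to 15 digits in total.
    private static readonly Regex Phone = new Regex(@"^\+?[1-9][0-9]{1,14}$");
    private readonly IAccountService service;

    // Assumes a dependency resolver is configured to supply the service.
    public AccountController(IAccountService service) { this.service = service; }

    // POST api/Account/ResetCode
    // Content-Type: application/json
    // {"UserName":"+18888888888","Lan":"en-US"}
    [HttpPost]
    [Route("ResetCode")]
    public IHttpActionResult ResetCode([FromBody] ResetCodeRequest request)
    {
        if (request == null || string.IsNullOrWhiteSpace(request.UserName))
            return BadRequest("UserName is required.");

        string userName = request.UserName.Trim();
        if (!Phone.IsMatch(userName) && !IsEmail(userName))
            return BadRequest("UserName must be a phone number or an e-mail address.");

        // A JSON body is not URL-decoded, so '+' reaches the service unchanged.
        service.ResetCode(userName, request.Lan);
        return Ok();
    }

    private static bool IsEmail(string value)
    {
        // MailAddress also accepts display-name forms; require the bare address.
        try { return string.Equals(new MailAddress(value).Address, value, StringComparison.OrdinalIgnoreCase); }
        catch (FormatException) { return false; }
    }
}
```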