0

I am using ASP.NET Core 3.1 and receiving values from the URL. It's working fine, but when I add a "+" sign as part of the URL, it gives a 404. Example: localhost:9000/api/get/%2B12/values

Faisal
  • 45
  • 1
  • 8

3 Answers

2

IIS versions above IIS7 will, by default, refuse requests whose URL contains symbols such as '+'. The following modifications are required. You need to add the following nodes in web.config:

<system.webServer>
    <security>
        <requestFiltering allowDoubleEscaping="true"/>
    </security>
</system.webServer>

But now the .NET Core project does not have a web.config to configure IIS options. You need to go to the location:

vs project location /.vs/config/applicationhost.config to add the above node.

Note that the .vs folder is a hidden folder and needs to be set visible.

mj1313
  • 7,930
  • 2
  • 12
  • 32
1

+ is a special character. It should ideally be URL encoded as %2B.
Turns out it's not really required though (like in the screenshot below) but I still recommend it. (See: URL encoding the space character: + or %20?)

Here's a working example controller:

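using Microsoft.AspNetCore.Mvc;

[ApiController]
public class ExpController : Controller
{
    // The route segment {arg} is bound to an int, so 12, +12 and -12 all parse.
    [Route("/api/exp/{arg}/values")]
    public IActionResult Test(int arg) =>
        Ok($"The arg is: {arg}");
}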

enter image description here

Note how the route parameter is an int. For more complex values (other than just 12, +12, -12; e.g. 12+12) the route will need to be a string instead.

galdin
  • 12,411
  • 7
  • 56
  • 71
0

Option 1:

Mess with config to bypass request validation / allowDoubleEscaping (ASP.NET). You need to be aware of certain risks/vulnerabilities described here: https://stackoverflow.com/a/53621095/4798459

.NET Core:

Since this issue is related to IIS, not your solution, you need to handle a web.config.

  1. Create a new web.config on the root of your project.
  2. Right click, properties, set "Copy to Output Directory" to "Copy Always"
  3. When you publish a .net core app, a "basic web.config" file is created. (For iis)

The web.config should look like so; I added the tag with a comment:

<configuration>
    <location path="." inheritInChildApplications="false">
        <system.webServer>
            <!-- XML node <security> is added to allow allowDoubleEscaping and add support for + parameter in a route. Risk:https://stackoverflow.com/a/53621095/4798459 -->
            <security>
                <requestFiltering allowDoubleEscaping="true"></requestFiltering>
            </security>
            <handlers>
                <add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModuleV2" resourceType="Unspecified" />
            </handlers>
            <aspNetCore processPath="dotnet" arguments="[.\SolutionName.Namespace.dll]" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" hostingModel="inprocess" />
        </system.webServer>
    </location>
</configuration>

  4. Make sure that step 2 is done before publishing your app, otherwise it won't work.
  5. Not tested with iisexpress

Option 2:

Change the parameter type in the API. Instead of being on the route, use a query string instead.

Option 3:

Custom solution for request filtering / routing, for which I don't have any example, and which seems a bit "over the top".

Option 4, to avoid:

Use another solution for encoding / decoding special characters (I have not tried): https://stackoverflow.com/a/55637235/4798459

Iannick
  • 146
  • 1
  • 11
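
Option 2 from the last answer, as an added example that is not part of any answer on this page: the value moves from the route into the query string, and the client percent-encodes it. `ValuesController`, `ValuesUrl` and the `/api/values` route are hypothetical names; the strict parse is there because ASP.NET Core decodes a raw `+` in a query string to a space.

```csharp
using System;
using System.Globalization;
using Microsoft.AspNetCore.Mvc;

// Added example, not code from any answer on this page.
// ValuesController, ValuesUrl and the /api/values route are hypothetical names.
[ApiController]
public class ValuesController : ControllerBase
{
    // Option 2: the value arrives as ?arg=... instead of as a route segment.
    [HttpGet("/api/values")]
    public IActionResult Get([FromQuery] string arg)
    {
        // ASP.NET Core decodes a raw '+' in a query string to a space, so
        //   ?arg=%2B12  binds as "+12"
        //   ?arg=+12    binds as " 12"
        // AllowLeadingSign alone accepts an optional sign followed by digits
        // and rejects whitespace, so the unencoded form fails instead of being
        // silently read as 12.
        if (!int.TryParse(arg, NumberStyles.AllowLeadingSign,
                          CultureInfo.InvariantCulture, out var value))
        {
            return BadRequest("arg must be a signed integer; send '+' as %2B.");
        }
        return Ok($"The arg is: {value}");
    }
}

public static class ValuesUrl
{
    // Client side: Uri.EscapeDataString turns '+' into %2B ("+12" -> "%2B12").
    public static string Build(string baseUrl, string arg) =>
        $"{baseUrl}/api/values?arg={Uri.EscapeDataString(arg)}";
}
```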