locked
Qustion on sending parameters in url RRS feed

  • Question

  • User2001833234 posted

    Could someone please help.  I have a requirement where I need to send 5 string parameters in the url as a query string.  The main reason is that the string values that I need to have sometimes have illegal characters in them like "Half & Half".  I will sanitize the parameter by sending "Half%20%26%20Half" in it's place.  Any way I have tried the following functions with no luck.  Note:  this is a plain Web API project, not MVC.  

    Thanks in advance.

    Version 1:

    public IHttpActionResult GetHierachy([FromUri] string val1, [FromUri] string val2, [FromUri] string val3, [FromUri] string val4, [FromUri] string val5)
    {
           if (val1 != "")
          {
              return Ok("It Worked");
          }
          else
         {
             //return NotFound();
             return InternalServerError(new Exception("No hierachy level included in request"));
         }Version 2:

    public IHttpActionResult GetHierachy(string val1, string val2, string val3, string val4, string val5)
    {
           if (val1 != "")
          {
              return Ok("It Worked");
          }
          else
         {
             //return NotFound();
             return InternalServerError(new Exception("No hierachy level included in request"));
         }
    }

    Monday, June 13, 2016 8:55 PM

Answers

  • User36583972 posted

    Hi duckkiller53,

    First: Is to safe to make the config changes?  Is there a greater potential for a security breach?

    You can refer the following links.

    http://stackoverflow.com/questions/1453218/is-enabling-double-escaping-dangerous

    You can visit the IIS forum for getting a more detailed response.

    https://forums.iis.net/

    Second: If you set those security flags do I you still need to use [FromUri],  can you just sent the values via Attribute Routing?

    You can remove [FromUri].

            // GET api/values/Half & Half/2/44/sre/hello
            [Route("api/values/{val1}/{val2}/{val3}/{val4}/{val5}")]
            [AllowAnonymous]
            public string Get(string val1, string val2,  string val3,  string val4, string val5)
            {
                string[] eor = new string[] { val1, val2 , val3 , val4 , val5};
                return "OK" + eor.Length.ToString();
            }

    If you have any questions, you can post a new thread  in related forums

    Best Regards,

    Yohann Lu

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, June 15, 2016 2:01 AM

All replies

  • User36583972 posted

    Hi duckkiller53,

    You can refer the following steps.

    1: You should set your Web.config like the below.

    <system.web> 
        <httpRuntime targetFramework="4.5.2" requestPathInvalidCharacters=""   />
        <pages validateRequest="false" />
      </system.web>
    
       <system.webServer>
        <security>
          <requestFiltering allowDoubleEscaping="true" />
        </security>
       </system.webServer>

    2: Your API method:

            // GET api/values/Half & Half/2/44/sre/hello
            [Route("api/values/{val1}/{val2}/{val3}/{val4}/{val5}")]
            [AllowAnonymous]
            public string Get([FromUri] string val1, [FromUri] string val2, [FromUri] string val3, [FromUri] string val4, [FromUri] string val5)
            {
                string[] eor = new string[] { val1, val2 , val3 , val4 , val5};
                return "OK" + eor.Length.ToString();
            }

    Best Regards,

    Yohann Lu

    Tuesday, June 14, 2016 2:32 AM
  • User2001833234 posted

    Yohann:  

    Thank you so much for the awesome reply.  Could I ask two last questions.

    First: Is to safe to make the config changes?  Is there a greater potential for a security breach?  

    Second: If you set those security flags do I you still need to use [FromUri],  can you just sent the values via Attribute Routing?

    Thanks

    Dave.

    Tuesday, June 14, 2016 1:59 PM
  • User36583972 posted

    Hi duckkiller53,

    First: Is to safe to make the config changes?  Is there a greater potential for a security breach?

    You can refer the following links.

    http://stackoverflow.com/questions/1453218/is-enabling-double-escaping-dangerous

    You can visit the IIS forum for getting a more detailed response.

    https://forums.iis.net/

    Second: If you set those security flags do I you still need to use [FromUri],  can you just sent the values via Attribute Routing?

    You can remove [FromUri].

            // GET api/values/Half & Half/2/44/sre/hello
            [Route("api/values/{val1}/{val2}/{val3}/{val4}/{val5}")]
            [AllowAnonymous]
            public string Get(string val1, string val2,  string val3,  string val4, string val5)
            {
                string[] eor = new string[] { val1, val2 , val3 , val4 , val5};
                return "OK" + eor.Length.ToString();
            }

    If you have any questions, you can post a new thread  in related forums

    Best Regards,

    Yohann Lu

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, June 15, 2016 2:01 AM