defining xml as parameter in web api RRS feed

  • Question

  • User-2050139718 posted

    Hello All,

    Please I have a request where i need to accept an xml file as a paramater in a GET method.

    below is code, sample xml and the error

     public string Get(string id)
                    string res = id.ToString();
                    response = res;
                catch (Exception ex)
                    response = ex.Message;
                return response;
    A potentially dangerous Request.Path value was detected from the client (<).

    Any help or sample code would be appreciated.

    Thanks in advance

    Wednesday, February 6, 2019 12:47 AM

All replies

  • User475983607 posted

    Files are POSTed to an endpoint. Please share your code so we can see what you are doing.
    Wednesday, February 6, 2019 1:16 AM
  • User283571144 posted

    Hi Kwames0407,

    A potentially dangerous Request.Path value was detected from the client (<).

    As far as I know, the error means your request path(url) contains the dangerous character "<". 

    To avoid this issue, I suggest you could try to add below config setting in the web.config.

        <httpRuntime requestPathInvalidCharacters="" requestValidationMode="2.0" />
        <pages validateRequest="false" />

    This will avoid using characters like '<>&' in URL path replacing them with underscores.

    But this will make your application become not security.

    Best Regards,


    Wednesday, February 6, 2019 3:25 AM
  • User-2050139718 posted

    After that I get the error below because of "/" in the string.

    HTTP Error 404.0 - Not Found
    The resource you are looking for has been removed, had its name changed, or is temporarily unavailable.

    Wednesday, February 6, 2019 12:00 PM
  • User475983607 posted

    For the second time!  Do not send an XML using an HTTP GET, use a POST,  That's what POST if for!

    Wednesday, February 6, 2019 12:05 PM
  • User753101303 posted


    With web API you could use https://docs.microsoft.com/en-us/aspnet/web-api/overview/formats-and-model-binding/content-negotiation. Deserializing the XML document is done for you and you'll be able to start coding with a deserialized object right away.

    Plus if someone prefer to use JSON instead it will be possible as well without any code change on your side.

    If you absoluty want to to keep the current approach the problem it is likely that you need to url encode your parameter. You are using a C# or a JavaScript client? It needs to be done by the caller. Then you'll have to process the XML file "by hand" (and if you start by deserializing this file, ASP.NET could have done that for you out of the box using option #1).

    Finally by default get is processing simple types and post complex types. Being XML (maybe stored in a file) seems for now just an implementation detail. Stictly speakign you are just try to send an object to a service and so POST would be better.

    Wednesday, February 6, 2019 1:47 PM