网址中的冒号(:)在asp.net中导致错误 [英] colon(:) in url causes error in asp.net

问题描述

我正在创建一个webAPI，当我在请求字符串中包含一个冒号(:)时，

I am creating a webAPI, and when i include a colon(:) in the request string,

http://localhost:49579/api/mycontroller/:

我收到此错误:

从客户端(:)检测到一个潜在危险的Request.Path值.
[HttpException(0x80004005):从客户端(:)检测到潜在危险的Request.Path值.]System.Web.HttpRequest.ValidateInputIfRequiredByConfig()+9673044System.Web.PipelineStepManager.ValidateHelper(HttpContext上下文)+53

A potentially dangerous Request.Path value was detected from the client (:).
[HttpException (0x80004005): A potentially dangerous Request.Path value was detected from the client (:).] System.Web.HttpRequest.ValidateInputIfRequiredByConfig() +9673044 System.Web.PipelineStepManager.ValidateHelper(HttpContext context) +53

我不打算在api的实际请求中包含特殊字符，但是如果某些不良用户在请求中输入特殊字符，则会导致错误.

I don't plan to include special characters in the actual requests for the api, but if some no-good user inputs special characters in the requests it would cause an error.

问题:如何在API端处理此错误?有什么办法吗?还是我应该给开发人员有关此问题的注释?

Question: How do i handle this error on the API side? Is there any way? Or should i just give the developers a note about this issue?

注意:我没有控制将来要访问API的客户端的控件.我正在使用Visual Studio 2012 for Web；我正在使用Visual Studio 2012 for Web..Net版本4.0;ASP.Net WebApi;和C#;我确实认为该代码对于我的情况不是必需的，Api可以工作，除了那些特定的特殊字符.但是，如果您有其他看法，请告诉我您还需要了解什么.
另一个注意事项:我不是在尝试找到在URL中允许它的方法，我只是在寻找专门处理错误的方法.

Note: I don't have controls over the future clients whose going to access the API. I am using Visual Studio 2012 for Web; .Net version 4.0; ASP.Net WebApi; and C#; I do think the code is unnecessary for my case, the Api works except for those certain special characters. But if you think otherwise, please do tell me what else you need to know.
Another Note: I'm not trying to find ways to allow it in a url, i'm just looking for ways to handle the error specifically.

推荐答案

如果确实要允许它，请尝试在web.config中设置 relaxedUrlToFileSystemMapping = true .

If you do want to allow it, try setting relaxedUrlToFileSystemMapping = true in your web.config.

<httpRuntime relaxedUrlToFileSystemMapping = "true" />

MSDN链接和这里是上下文.

或者，更改此配置，然后选择返回相关的错误消息，或者重定向它们或执行任何操作.

Alternatively, make this config change and then choose to return the relevant error message, or redirect them or whatever you want to do.

如果只想在单个方法的请求字符串中使用冒号，则可以始终使用 [ValidateInput(false)] 装饰该Action方法，如中所述href ="https://stackoverflow.com/questions/2673850/validaterequest-false-doesnt-work-in-asp-net-4/11019222#11019222">我的答案.这意味着您无需在web.config中降级请求验证.

If you just want to allow the colon in the request string for a single method you can always decorate that Action Method with [ValidateInput(false)] as explained in more detail in this answer of mine. This means that you don't need to downgrade your request validation in the web.config.

这篇关于网址中的冒号(:)在asp.net中导致错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！