当URL包含连接codeD符号的MVC Web API路由失败 [英] MVC WEB API routing fails when url contains encoded ampersand

问题描述

当我打电话给我的web服务女巫有两个参数，我得到：

When i call my webservice witch takes two parameters i get:

从客户端检测到有潜在危险的Request的值（安培）。

A potentially dangerous Request.Path value was detected from the client (&).

Routeconfig：

Routeconfig:

config.Routes.MapHttpRoute(
name: "PropertiesSearch",
routeTemplate: "api/property/Search/{category}/{query}",
defaults: new { controller = "Property", action = "Search", category = "common", query = string.Empty }
);

Controllermethod：

Controllermethod:

[HttpGet]
public SearchResult Search(string category, string query)
{
}

当我打电话与API：

/ API /属性/搜索/家庭/ areaID表示％3D20339％26areaId％3D20015

/api/property/search/homes/areaId%3D20339%26areaId%3D20015

从客户端检测到有潜在危险的Request的值（安培）。

A potentially dangerous Request.Path value was detected from the client (&).

这样做：

/ API /属性/搜索/家庭/？查询= areaID表示％3D20339％26areaId％3D20015

/api/property/search/homes/?query=areaId%3D20339%26areaId%3D20015

正常工作。

我要如何解决路由解码问题？

How do i solve the routing decoding problem?

推荐答案

斯科特Hanselman的<一个href=\"http://www.hanselman.com/blog/ExperimentsInWackinessAllowingPercentsAnglebracketsAndOtherNaughtyThingsInTheASPNETIISRequestURL.aspx\">blogged这个。你可能要检查的 requestPathInvalidCharacters 属性＆LT;的httpRuntime方式＆gt; 节点在你的web.config

Scott Hanselman blogged about this. You might want to check the requestPathInvalidCharacters property of the <httpRuntime> node in your web.config.

个人而言，我会避免这样的字符在URI部分，简单地把这些值作为查询字符串参数。

Personally I would avoid such characters in the uri portion and simply put those values as query string parameters.

这篇关于当URL包含连接codeD符号的MVC Web API路由失败的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！