ASP MVC（属性）与加字符路由 [英] ASP MVC (attribute) routing with plus chars

问题描述

我有以下途径：

  [路线（KONTO / validera-epost / {电子邮件} / {}哈希）]
公众的ActionResult ValidateEmail（字符串email，字符串哈希）
 

这在它有一个+的伟大工程的util有人使用电子邮件，如：

<$p$p><$c$c>http://localhost:53529/konto/validera-epost/niels%2btest1%40bosmainteractive.se/4eac5247b9e6c9ae2a020957a54dd644

刚开一个空白页结果。

解决方案

这是最有可能是由于的URL在IIS preventing + 安全设置。

要解决（或覆盖/禁用），要么改变它在IIS，或在web.config象下面这样：

 ＆LT; system.webServer＆GT;
  ＆LT;安全＆GT;
    ＆LT;的requestFiltering allowDoubleEscaping =真/＆GT;
  ＆LT; /安全＆GT;
＆LT; /system.webServer>
 

参考文献：结果
  - <一个href=\"http://www.ifinity.com.au/Blog/EntryId/60/404-Error-in-IIS-7-when-using-a-Url-with-a-plus-sign-in-the-path\" rel=\"nofollow\">http://www.ifinity.com.au/Blog/EntryId/60/404-Error-in-IIS-7-when-using-a-Url-with-a-plus-sign-in-the-path

  - <一个href=\"http://serverfault.com/questions/76013/iis6-vs-iis7-and-iis7-5-handling-urls-with-plus-sign-in-base-not-querystr\">http://serverfault.com/questions/76013/iis6-vs-iis7-and-iis7-5-handling-urls-with-plus-sign-in-base-not-querystr

的注：我已经看到了有关启用该选项的一些安全问题。我建议此功能阅读更多的使用在实际环境中之前。的

编辑根据@瑞安的评论：

  

[..]你可以用一个属性在行动水平将此 [ValidateInput（假）]

I have the following route:

[Route("konto/validera-epost/{email}/{hash}")]
public ActionResult ValidateEmail(string email, string hash)

This works great util someone uses an email with an "+" in it, like:

http://localhost:53529/konto/validera-epost/niels%2btest1%40bosmainteractive.se/4eac5247b9e6c9ae2a020957a54dd644

Just getting an empty page as a result.

解决方案

This is most likely due to a security setting in IIS preventing + in url's.

To resolve (or override/disable), either change it in the IIS, or in the web.config like below:

<system.webServer>
  <security>
    <requestFiltering allowDoubleEscaping="true" />
  </security>
</system.webServer>

References:
- http://www.ifinity.com.au/Blog/EntryId/60/404-Error-in-IIS-7-when-using-a-Url-with-a-plus-sign-in-the-path
- http://serverfault.com/questions/76013/iis6-vs-iis7-and-iis7-5-handling-urls-with-plus-sign-in-base-not-querystr

Note: I've seen some security concerns about enabling this option. I'd recommend reading up on this feature more before using in a live environment.

Edit based on @Ryan's comment:

[..] you can apply this at the action level with an attribute [ValidateInput(false)]

这篇关于ASP MVC（属性）与加字符路由的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！