ASP MVC(属性)与加字符路由 [英] ASP MVC (attribute) routing with plus chars
问题描述
我有以下途径:
[路线(KONTO / validera-epost / {电子邮件} / {}哈希)]
公众的ActionResult ValidateEmail(字符串email,字符串哈希)
这在它有一个+的伟大工程的util有人使用电子邮件,如:
<$p$p><$c$c>http://localhost:53529/konto/validera-epost/niels%2btest1%40bosmainteractive.se/4eac5247b9e6c9ae2a020957a54dd644刚开一个空白页结果。
这是最有可能是由于的URL在IIS preventing +
安全设置。
要解决(或覆盖/禁用),要么改变它在IIS,或在web.config象下面这样:
&LT; system.webServer&GT;
&LT;安全&GT;
&LT;的requestFiltering allowDoubleEscaping =真/&GT;
&LT; /安全&GT;
&LT; /system.webServer>
参考文献:结果
- <一个href=\"http://www.ifinity.com.au/Blog/EntryId/60/404-Error-in-IIS-7-when-using-a-Url-with-a-plus-sign-in-the-path\" rel=\"nofollow\">http://www.ifinity.com.au/Blog/EntryId/60/404-Error-in-IIS-7-when-using-a-Url-with-a-plus-sign-in-the-path
- <一个href=\"http://serverfault.com/questions/76013/iis6-vs-iis7-and-iis7-5-handling-urls-with-plus-sign-in-base-not-querystr\">http://serverfault.com/questions/76013/iis6-vs-iis7-and-iis7-5-handling-urls-with-plus-sign-in-base-not-querystr
的注:我已经看到了有关启用该选项的一些安全问题。我建议此功能阅读更多的使用在实际环境中之前。的
编辑根据@瑞安的评论:
[..]你可以用一个属性在行动水平将此
[ValidateInput(假)]
块引用>I have the following route:
[Route("konto/validera-epost/{email}/{hash}")] public ActionResult ValidateEmail(string email, string hash)
This works great util someone uses an email with an "+" in it, like:
http://localhost:53529/konto/validera-epost/niels%2btest1%40bosmainteractive.se/4eac5247b9e6c9ae2a020957a54dd644
Just getting an empty page as a result.
解决方案This is most likely due to a security setting in IIS preventing
+
in url's.To resolve (or override/disable), either change it in the IIS, or in the web.config like below:
<system.webServer> <security> <requestFiltering allowDoubleEscaping="true" /> </security> </system.webServer>
References:
- http://www.ifinity.com.au/Blog/EntryId/60/404-Error-in-IIS-7-when-using-a-Url-with-a-plus-sign-in-the-path
- http://serverfault.com/questions/76013/iis6-vs-iis7-and-iis7-5-handling-urls-with-plus-sign-in-base-not-querystrNote: I've seen some security concerns about enabling this option. I'd recommend reading up on this feature more before using in a live environment.
Edit based on @Ryan's comment:
[..] you can apply this at the action level with an attribute
[ValidateInput(false)]
这篇关于ASP MVC(属性)与加字符路由的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!