c# – A potentially dangerous Request.Path value was detected from the client (*)

If you're using .NET 4.0, you should be able to allow these URLs via the web.config:

<system.web>
    <httpRuntime 
            requestPathInvalidCharacters="&lt;,&gt;,%,&amp;,:,\,?" />
</system.web>

Note, I've just removed the asterisk (*); the original default string is:

<httpRuntime 
          requestPathInvalidCharacters="&lt;,&gt;,*,%,&amp;,:,\,?" />

See this question for more details.

The * character is not allowed in the path of the URL, but there is no problem using it in the query string:

http://localhost:3286/Search/?q=test*

It's not an encoding issue; the * character has no special meaning in a URL, so it doesn't matter if you URL-encode it or not. You would need to encode it using a different scheme, and then decode it.

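For example, using an arbitrary character as the escape character:

// Escape "x" first: the sequences added afterwards contain "x" and "y" themselves.
query = query.Replace("x", "xxx").Replace("y", "xxy").Replace("*", "xyy");

And decoding:

// Undo the replacements in the reverse order.
query = query.Replace("xyy", "*").Replace("xxy", "y").Replace("xxx", "x");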
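
The escape-character idea from the answer above, as an added example (not code from the original answers): a single-pass encoder/decoder that covers the whole default requestPathInvalidCharacters set plus `/`, which goes beyond the `*` case, so a search term can travel in a path segment while the default setting stays in place. The class name, the `_` escape character and the sample terms are assumptions chosen for illustration.

```csharp
using System;
using System.Globalization;
using System.Text;
static class PathTermCodec   // hypothetical helper, not part of ASP.NET
{
    const char Esc = '_';    // assumption: '_' as escape; it is an unreserved URL character
    // Default requestPathInvalidCharacters set, plus '/' and the escape character itself.
    const string Unsafe = "<>*%&:\\?/_";

    // Each unsafe character becomes '_' followed by its two-digit uppercase hex code.
    public static string Encode(string term)
    {
        var sb = new StringBuilder(term.Length);
        foreach (char c in term)
            if (Unsafe.IndexOf(c) >= 0)
                sb.Append(Esc).Append(((int)c).ToString("X2", CultureInfo.InvariantCulture));
            else
                sb.Append(c);
        return sb.ToString();
    }

    // One left-to-right pass; malformed or non-canonical input is rejected, not guessed at.
    public static string Decode(string segment)
    {
        var sb = new StringBuilder(segment.Length);
        for (int i = 0; i < segment.Length; i++)
        {
            if (segment[i] != Esc) { sb.Append(segment[i]); continue; }
            int code = 0;
            if (i + 2 >= segment.Length || !int.TryParse(segment.Substring(i + 1, 2),
                    NumberStyles.AllowHexSpecifier, CultureInfo.InvariantCulture, out code))
                throw new FormatException("Malformed escape at index " + i);
            sb.Append((char)code);
            i += 2;
        }
        string term = sb.ToString();
        // Only the exact output of Encode is accepted, so each term has one URL form.
        if (Encode(term) != segment) throw new FormatException("Non-canonical segment");
        return term;
    }

    static void Main()
    {
        // Constructed sample terms.
        foreach (string term in new[] { "test*", "Digital&Mckinsey", "50%_off/now?" })
            Console.WriteLine("/Search/{0} -> {1}", Encode(term), Decode(Encode(term)));
    }
}
```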

For me, I am working on .NET 4.5.2 with Web API 2.0.
I have the same error; I solved it just by adding requestPathInvalidCharacters="".
In requestPathInvalidCharacters you have to set the characters that are not allowed, or else you have to remove the characters that cause this problem.

<system.web>
    <httpRuntime targetFramework="4.5.2" requestPathInvalidCharacters="" />
    <pages>
        <namespaces>
        ....
        </namespaces>
    </pages>
</system.web>

Note that it is not a good practice; maybe a POST with this parameter as an attribute of an object is better, or try to encode the special character.
After searching on best practice for designing REST APIs, I found that in search, sort and pagination, we have to handle the query parameter like this:

/companies?search=Digital%26Mckinsey

This solves the problem when we encode & and replace it in the URL with %26.
Anyway, on the server we receive the correct parameter Digital&Mckinsey.

This link may help on best practice for designing a REST web API:
https://hackernoon.com/restful-api-designing-guidelines-the-best-practices-60e1d954e7c9
