MVC WEB API routing fails when url contains encoded ampersand

espvar picture espvar · Jan 16, 2013 · Viewed 30.7k times · Source

When i call my webservice witch takes two parameters i get:

A potentially dangerous Request.Path value was detected from the client (&).

Routeconfig:

config.Routes.MapHttpRoute(
name: "PropertiesSearch",
routeTemplate: "api/property/Search/{category}/{query}",
defaults: new { controller = "Property", action = "Search", category = "common", query = string.Empty }
);

Controllermethod:

[HttpGet]
public SearchResult Search(string category, string query)
{
}

When i call the api with:

/api/property/search/homes/areaId%3D20339%26areaId%3D20015

A potentially dangerous Request.Path value was detected from the client (&).

Doing this:

/api/property/search/homes/?query=areaId%3D20339%26areaId%3D20015

works fine.

How do i solve the routing decoding problem?

Answer

Darin Dimitrov picture Darin Dimitrov · Jan 16, 2013

Scott Hanselman blogged about this. You might want to check the requestPathInvalidCharacters property of the <httpRuntime> node in your web.config.

Personally I would avoid such characters in the uri portion and simply put those values as query string parameters.