So I have an API service that does a lot of things with data.
One thing it does is get 'Candidates' by their login data.

Code like this does the job:

using System.Net;
using System.Net.Http;
using System.Threading.Tasks;
using System.Web.Http;

public class CandidatesController : ApiController
{
    private readonly ICandidatesManager candidatesManager; // assumed dependency, not shown in the post

    [HttpGet]
    [Route("{name}/{password}/ByNameAndPassword")]
    public async Task<HttpResponseMessage> GetCandidateByNameAndPasswordAsync(string name, string password)
    {
        var candidate = await candidatesManager.GetCandidateByNameAndPasswordAsync(name, password);

        // CandidateId == 0 is the manager's "not found" marker
        if (candidate.CandidateId != 0) { return Request.CreateResponse(HttpStatusCode.OK, candidate); }
        else { return Request.CreateErrorResponse(HttpStatusCode.NotFound, "Candidate with the requested credentials not found."); }
    }
}


This works in many cases, but in some cases involving certain characters this code isn't even reached by the sender/client.

The problem only happens with a GET.
Inserting data is not a problem.

Example: when I use a Name or Password containing any of the following characters, it doesn't work.

#
%
&
*
:
"
'
<
>
?
/
.

My question will be obvious: why doesn't it work if one or more of these characters are involved in the case of a GET?

What I have tried:

I have tried anything I could come up with, but I really have no ideas anymore.
Posted
Updated 11-Dec-19 14:52pm

1 solution

Well... the problem is quite evident; many of these are various control or otherwise special characters.

The %, &, #, and / should be visible to anyone who has looked at a URL as separators, fragment identifiers, routing, and escape characters.
I personally would not use GET with a password, as it is just going to be a part of the URL and is subject to browser caching and logging within the server logs.
The solution can be quite evasive to find; especially if you intend on keeping this as a GET method.
In .Net Framework, you could work with various elements in the web.config file to relax the various character restrictions; I do not know how to do this in a .Net Core/Kestrel environment at this time.
Hopefully the following config references can guide you.
Look here:

<system.web>
  <!-- ASP.NET 4.x default list; remove characters from it to relax the path check -->
  <httpRuntime requestPathInvalidCharacters="&lt;,&gt;,*,%,&amp;,:,\,?" />
</system.web>

And here:

<system.webServer>
  <security>
    <requestFiltering allowDoubleEscaping="true" />
  </security>
</system.webServer>
 
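To make the answer's point concrete, here is an added Python illustration (not code from the post or from the asker's API) of how a web server takes the GET URL apart before the route {name}/{password}/ByNameAndPassword can match; the /api/candidates prefix is an assumption, and the rejected-character set is the ASP.NET 4.x default for httpRuntime requestPathInvalidCharacters.

```python
from urllib.parse import quote, unquote, urlsplit

ROUTE_PREFIX = ["api", "candidates"]   # assumed controller prefix, not from the post
SUFFIX = "ByNameAndPassword"
# Default value of httpRuntime requestPathInvalidCharacters in ASP.NET 4.x
ASPNET_INVALID_PATH_CHARS = set("<>*%&:\\?")


def naive_url(name, password):
    """URL built by a client that pastes the raw values into the path."""
    return "/" + "/".join(ROUTE_PREFIX + [name, password, SUFFIX])


def encoded_url(name, password):
    """Same URL with each value percent-encoded so it stays one segment."""
    parts = ROUTE_PREFIX + [quote(name, safe=""), quote(password, safe=""), SUFFIX]
    return "/" + "/".join(parts)


def route_match(url):
    """Mimic matching {name}/{password}/ByNameAndPassword on the server.

    The server first splits off the query (?...) and fragment (#...),
    then splits the path on '/', then decodes each segment.
    Returns (name, password) when the shape matches, else None.
    """
    path = urlsplit(url).path
    segs = [unquote(s) for s in path.split("/") if s]
    n = len(ROUTE_PREFIX)
    if len(segs) != n + 3 or segs[:n] != ROUTE_PREFIX or segs[-1] != SUFFIX:
        return None
    return segs[-3], segs[-2]


def rejected_chars(url):
    """Characters ASP.NET rejects in the *decoded* path, encoded or not."""
    decoded = unquote(urlsplit(url).path)
    return sorted(set(decoded) & ASPNET_INVALID_PATH_CHARS)


if __name__ == "__main__":
    # constructed sample passwords covering the characters listed in the question
    for pw in ["s3cret", "p#1", "p?x", "a/b", "50%", "a:b<c", "it's"]:
        raw, enc = naive_url("bob", pw), encoded_url("bob", pw)
        print(f"{pw!r:10} raw->{route_match(raw)!s:16} encoded->{route_match(enc)!s:16} "
              f"rejected={rejected_chars(enc)}")
```

The last function shows why percent-encoding alone is not enough: ASP.NET validates the decoded path, so an encoded %, <, : or ? still fails, which is why the answer points at httpRuntime and why moving the credentials into a POST body sidesteps the problem entirely.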
Comments
Wiep Corbier 12-Dec-19 7:52am
Thanks very much. You made me see the light, and the solution. Instead of a GET I will use a POST (without the actual posting, of course).

I POST an object containing the Name and Password.
On the server side I do a query if the Candidate exists and return a response.
MadMyche 12-Dec-19 7:57am
You're welcome

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)