ASP.Net Core RC1: System.ArgumentException: Illegal characters in path

Question

Please note: As the answer shows this problem is specific for ASP.Net Core Release Candidate 1.

In ASP.Net Core / MVC 6 accessing the URL http://localhost:58000/Admin/RebuildIndex/AspNetUserRoles/PK_IdentityUserRole%3Cstring%3E

Gives this error:

System.ArgumentException: Illegal characters in path.
   at System.IO.Path.CheckInvalidPathChars(String path, Boolean checkAdditional)
   at System.IO.Path.GetExtension(String path)
   at Microsoft.AspNet.StaticFiles.FileExtensionContentTypeProvider.TryGetContentType(String subpath, String& contentType)
   at Microsoft.AspNet.StaticFiles.StaticFileContext.LookupContentType()
   at Microsoft.AspNet.StaticFiles.StaticFileMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNet.IISPlatformHandler.IISPlatformHandlerMiddleware.d__8.MoveNext()

This is due to the < and > characters in the URL. If I access a different page such as http://localhost:58000/Admin/RebuildIndex/AspNetRoles/RoleNameIndex then it works fine.

My route is this:

app.UseMvc(routes =>
{
    // Area route
    routes.MapRoute(name: "areaRoute",
        template: "{area:exists}/{controller}/{action}",
        defaults: new { controller = "Home", action = "Index" });

    // Default route
    routes.MapRoute(
        name: "default",
        template: "{controller=Home}/{action=Index}/{id?}");
});

And the controller I am accessing looks like this:

[Route("Admin")]
public class AdminController : Controller
{
    [Route("RebuildIndex/{tableName}/{indexName}")]
    [HttpGet]
    [Authorize(Roles="Admin")]
    public async Task<IActionResult> RebuildIndex(string tableName, string indexName)
    {
        // ...
    }
}

In previous versions of ASP.Net we used the httpRuntime tag in Web.Config to relax things when we got the "A potentially dangerous Request.Path value was detected from the client (&)" error. So I have tried the following (and some variants of it) in web.config without success:

  <system.web>
    <httpRuntime requestValidationMode="2.0" relaxedUrlToFileSystemMapping="true" requestPathInvalidCharacters="" />
  </system.web>

However looking at the error message this error seems to be because the request is handled as a static file instead of being given to a MVC Controller.

How is this solved in ASP.Net Core?
It would be nice with a solution to allow it only for a particular route.

Answer 1

This is an issue already logged and fixed for RC2 (Which should be released on February 2016, according to the roadmap).

• Check the issue 82 of the AspNet.StaticFiles repo.

In case you wonder, you can check the latest version of the FileExtensionContentTypeProvider class. You will see that TryGetExtension no longer uses System.IO.Path.GetExtension (They even added a comment you will find quite interesting!):

public bool TryGetContentType(string subpath, out string contentType)
{
    string extension = GetExtension(subpath);
    if (extension == null)
    {
        contentType = null;
        return false;
    }
    return Mappings.TryGetValue(extension, out contentType);
}

private static string GetExtension(string path)
{
    // Don't use Path.GetExtension as that may throw an exception if there are
    // invalid characters in the path. Invalid characters should be handled
    // by the FileProviders

    if (string.IsNullOrWhiteSpace(path))
    {
        return null;
    }

    int index = path.LastIndexOf('.');
    if (index < 0)
    {
        return null;
    }

    return path.Substring(index);
}

So I guess you can either wait for RC2 to be released or use your local clone of the StaticFiles repo.