Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

URL Parameter encoding in MVC .NET

I have a controller in an MVC 4 .NET application that receives a string as a parameter from an URL. This comes from an aspx page redirected to the controller in Route.config.

If I send this value for the parameter in the client: fwdgerhb+bhrth+ftrgbhrt

I get the following value at the server: fwdgerhb bhrth ftrgbhrt

The server is interpreting the URL parameter value as an encoded URL and replaces + by . But it has not been URL encoded. This will occur for other combinations of special chars if they appear in the parameter value.

Is there a config parameter in IIS Server to configure the server to not try to URL-decode this value?

Example Request:

mypage.aspx?value=cat+dog    (NOT ENCODED)

Route Config

static void RegisterRoutes(RouteCollection routes)
{
    routes.MapRouteLowercase(
        name: "MyRouter",
        url: "mypage.aspx",
        defaults: new { controller = "My", action = "DoLog" }
    );
}

The controller:

public class MyController : Controller
{
    [AllowAnonymous]
    public ActionResult DoLog(string value)
    {
        //Here value has "cat dog"
    }
}
like image 666
dhalfageme Avatar asked Oct 03 '14 14:10

dhalfageme


People also ask

Is MVC2 urldecoding automatically?

Yes, MVC automatically URL decodes action parameters, but you can still access the URL encoded version through a query string. As you can see in this question: Is MVC2 ASP.Net URLDecoding automatically?

How to pass parameter in controller from URL in MVC application?

In this article we will be discussing how to pass parameter in controller from URL in MVC application. First of all create one empty MVC web project and implement below code. At first we will create one model class called Person with two properties. Then within this class we will write simple ADO.NET code to fetch data from SQLServer Database.

How do I encode a URL in Python?

You can encode a URL using with the UrlEncode () method or the UrlPathEncode () method. However, the methods return different results. The UrlEncode () method converts each space character to a plus character (+).

How do you encode a string in http?

The text to encode. An encoded string. The UrlEncode (String) method can be used to encode the entire URL, including query-string values. If characters such as blanks and punctuation are passed in an HTTP stream without encoding, they might be misinterpreted at the receiving end.


1 Answers

You can use the following to grab the query-string manually from the controller:

Request.QueryString.Get("value");

Or, to get it from the view:

Html.ViewContext.HttpContext.Request.QueryString.Get("value");

But honestly, why not just encode the string yourself before you send it through the routing:

HttpUtility.UrlEncode(value);

and then when you get the the value again:

HttpUtility.UrlDecode(value);

So that way you have control of your string


Update

You can also do the following to allow your routeConfig to allow the "+" attribute:

<location path="CustomHttpHandler">
  <system.webServer>
    <security>
      <requestFiltering allowDoubleEscaping="true" />
    </security>
  </system.webServer>
</location>

Here is a question that tells you the ups and downs of turning this on and off: Is Enabling Double Escaping Dangerous?

like image 110
Termato Avatar answered Oct 26 '22 01:10

Termato