4.6.1 to 4.7RSS

2 replies

Last post Mar 04, 2019 03:26 PM by Revathi Mudupalli

  • 4.6.1 to 4.7

    Mar 01, 2019 04:25 PM|Revathi Mudupalli|LINK

    Hi,

    We converted our APIs from 4.6.1 to 4.7.

    We were using the following settings in our web.config to allow certain characters in url parmeters.

    <httpRuntime targetFramework="4.6.1" relaxedUrlToFileSystemMapping="true" requestValidationMode="2.0" requestPathInvalidCharacters="" />

    <requestFiltering allowDoubleEscaping="true" />

    These settings appear to be not working anymore after we converted from 4.6.1 to 4.7.

    Is there a way to fix this? What are the recommendations?

    Thanks

  • Re: 4.6.1 to 4.7

    Mar 04, 2019 05:26 AM|Jalpa Panchal|LINK

    Hi,

    Try below code to restrict some character which you don't want to allow.If possible use IIS 10 which is latest version.

    <httpruntime requestvalidationmode="2.0">
    requestPathInvalidCharacters="*,:,&,\"
    relaxedUrlToFileSystemMapping="true"
    /></httpruntime>

    You could also prefer below article for more detail:

    https://www.hanselman.com/blog/ExperimentsInWackinessAllowingPercentsAnglebracketsAndOtherNaughtyThingsInTheASPNETIISRequestURL.aspx

    Regards,

    Jalpa.

    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue.
    If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.
  • Re: 4.6.1 to 4.7

    Mar 04, 2019 03:26 PM|Revathi Mudupalli|LINK

    Hi,

    I am using IIS 10.0

    If I send https://localhost/Gateway/api/users/%2567/patients, it decodes it and shows as https://localhost/Gateway/api/users/g/patients.

    If I send https://localhost/Gateway/api/users/%2512/patients, it shows as https://localhost/Gateway/api/users/%12/patients

    Thanks