问题描述:

I originally asked the following question, to get some anwsers on how to handle special characters in an URL (GET) request for my Web Api:

Web Api 2 routing issue with special characters in URL

Encoding was obviously the way to go. But in order to get everything working, i had to do a pretty nasty workaround. And now, Im' at the point where i don't really understand why my workaround had to be done in the first place. So, the following is my setup:

A client can call my Web Api 2, Hosted on iis 8.5, by a get request containing an email in the URL. The most extreme example would be the following email:

!$%&'*+-/=?^_`{}|[email protected]

And yes, that sucker is a valid email, which therefore the API has to support. The URL pattern is as follows:

.../api/permissions/{email}/{brand}/

So a get request would be something along the lines of this:

.../api/permissions/#!$%&'*+-/=?^_`{}|[email protected]/economy

As the marked answer to my other question suggests, encoding this url is obviously a necessity. But this left me with a couple of other issues, such as "double escape of characters not allowed", and some specific "404 - not found" (routing could not pass the url). This i could mange to handle with the following settings for iis:

<system.web>

...

<httpRuntime requestPathInvalidCharacters=""/>

</system.web>

<system.webServer>

<security>

<requestFiltering allowDoubleEscaping="true"/>

</security>

...

</system.webServer>

Now i was able to call my method with those pesky special characters, and everything was fine. But i hit another bump. The email specified above, #!$%&'*+-/=?^_`{}|[email protected], resulted in a 404 - not found. An actual 404 - not found. The routing couldn't handle the request url:

[Route("{email}/{brand}"]

As I understand it, the iis decodes the request url, passes it on to the iis request pipeline, it is then picked up by the web api and run through the http message handlers before hitting the controller. In the controller, i could clearly see that the email part of the url was no longer encoded (provided i used a simple encoded email. the encoded email "#!$%&'*+-/=?^_`{}|[email protected]" still responded 404). I quickly figured, that the routing probably couldn't handle the fragmentation inside the url path, as the iis passes on a decoded url to the web api. So i had to get the url reencoded in the iis before handed on to the web api.

This i was able to make a workaround for, by using Url ReWrite. It reencoded that specific part of the url containing the email, and now the routing was handled properly with the special-character-email. The expected method was hit, and i could just decode the encoded email. To briefly sum up, this was the flow:

Request flow

Now, we have set up a LogMessageHandler which logs incoming requests and outgoing responses. When the logger logs the request.RequestUri, it is clear that the email is double encoded. But when the controller method is hit, it is only encoded once! So.. My question is, why do i have to reencode the URL in the iis for the routing to handle the request properly, when the url is already automatically encoded (and decoded again before hitting the controller)? Is this something i can configure? Can i somehow extend the scope of which the URL is encoded, all the way to the controller??

Regards

Frederik

相关阅读:
Top