ASP.NET URL validation

Question

We have a custom REST handler on ASP.NET that is configured like this to handle all incoming requests:

<add path="*" verb="*" type="REST.RESTProtocolHandler"/>

However, passing it a pipe character, properly encoded or not at all, triggers a validation error that seems to come from inside ASP.NET.

Accessing http://localhost:8080/%7c or http://localhost:8080/| yields this error:

[ArgumentException: Illegal characters in path.] System.IO.Path.CheckInvalidPathChars(String path) +7489125 System.IO.Path.Combine(String path1, String path2) +40 System.Web.Configuration.UserMapPath.GetPhysicalPathForPath(String path, VirtualDirectoryMapping mapping) +114 System.Web.Configuration.UserMapPath.GetPathConfigFilename(String siteID, VirtualPath path, String& directory, String& baseName) +72 System.Web.Configuration.UserMapPath.MapPath(String siteID, VirtualPath path) +30 System.Web.Configuration.UserMapPath.MapPath(String siteID, String path) +31 System.Web.Hosting.HostingEnvironment.MapPathActual(VirtualPath virtualPath, Boolean permitNull) +297 System.Web.Hosting.HostingEnvironment.MapPathInternal(VirtualPath virtualPath, Boolean permitNull) +51 System.Web.CachedPathData.GetConfigPathData(String configPath) +341 System.Web.CachedPathData.GetVirtualPathData(VirtualPath virtualPath, Boolean permitPathsOutsideApp) +110 System.Web.HttpContext.GetFilePathData() +36 System.Web.HttpContext.GetConfigurationPathData() +26 System.Web.Configuration.RuntimeConfig.GetConfig(HttpContext context) +43 System.Web.Configuration.CustomErrorsSection.GetSettings(HttpContext context, Boolean canThrow) +41 System.Web.HttpResponse.ReportRuntimeError(Exception e, Boolean canThrow, Boolean localExecute) +101 System.Web.HttpRuntime.FinishRequest(HttpWorkerRequest wr, HttpContext context, Exception e) +383

No userland code gets executed. Is this a configuration option somewhere? Reproduced on IIS 7 & VS Studio's 2008 devel server.

Stack Overflow seems to handle this error OK, it looks like a dynamically generated 404 MVC page gets rendered for http://stackoverflow.com/%7c.

Any ideas?

Answer 1

By default IIS does not allow certain characters in the URL and considers them illegal. This is where you problem comes from - it doesn't even call the handler you have. As far as I know there is no place that you can configure which characters are accepted through UI, except for Windows Registry. I don't know why you want to use pipe, but I don't think it is good practice. As for the error page - you can always have your own error page for any exception, so that users don't see the ugly messages.

Answer 2

Try to intercept the exception in Global.asax file. Implement there (Global.asax.cs) this method:

protected void Application_Error(Object sender, EventArgs e)
{
    Exception ex = Server.GetLastError();
    //do whatever you want with that exception
 //or get the url from the context, reformat and redirect
}

Answer 3

I have a similar program that intercepts all and trying it with a pipe gives me the same error. I assume it has to do with IIS doing path tests (mappath) before it knows who is to handle the request. Your handler takes the root(meaning all calls) but i assume the way IIS does it is generic.

So I assume any or most of pathing characters that you cant use on your filesystem will fail on IIS request (GET/POST).

Maybe someone knows how to disable the IIS check. According to the error, it seems to happens even before your web.config is read, as it is trying to locate the right config?,

Maybe it is possible to use your own error page as an redirect back to your handler?

Answer 4

• First you need to tinker in the Registry :

  http://support.microsoft.com/default.aspx?scid=kb;EN-US;826437

• Restart IIS

and voila it works.

But i've made this work with IIS7 without problems, but with IIS6 I get this error (Illegal characters in path).