views:

30

answers:

1

I have a WCF service with this declared operation:

[WebGet(UriTemplate = "Test/{*testString}")]
public String Test(String testString)
{
    return testString;
}

However when attempting to invoke the URL Test/You%26Me, IIS returns an error:

A potentially dangerous Request.Path value was detected from the client (&).

My goal is to allow an ampersand in the URI via its URL-Encoding: %26

The wildcard did not help. Is there any way to prevent this error without disabling security features?

+1  A: 

Try using RequestPathInvalidCharacters configuration property in Web.config avoiding used characters as follows:

<system.web>
   <httpRuntime requestPathInvalidCharacters="<,>,*,:,\\" />
</system.web>
Artem K.
I forgot to specify that I'm not using .NET 4.0 yet -- is there a similar option for .NET 3.5?
JoeGaggler
I'm afraid the only option in 3.5 is to implement custom RequestValidator: http://msdn.microsoft.com/en-us/library/system.web.util.requestvalidator.aspx
Artem K.
That's perfect, thanks!
JoeGaggler