Aspnetcore: HTTP GET string parameter ending with selected keywords are not allowed in .net core

Created on 13 Sep 2019 · 4 Comments · Source: dotnet/aspnetcore

_From @maheshmore2691 on Friday, September 13, 2019 3:09:20 PM_

Hi,

I know that this is not related to .NET Core, but I still wanted to confirm whether there is any way to fix it in .NET Core.

Visual studio: 2019
.NET core: 2.2
Language: C#

Issue: I have created a .NET Core API with a GET endpoint decorated by attribute routing which accepts a string parameter, and here I am getting a 404.7 response for some keywords, e.g. ".master", ".cs", ".mdf", etc.

Not working code:

Accessing path: http://baseUrl/api/test/test.master

```C#
// Route-segment binding: the value is part of the URL path.
[HttpGet("{userName}")]
public ActionResult<string> Get(string userName)
{
    return userName;
}
```

Working code: Accepting userName as a query string is working perfectly. Is it best practice?

Accessing path: http://baseUrl/api/test/test.master

```C#
// Query-string binding: the value is not part of the URL path.
[HttpGet]
public ActionResult<string> Get(string userName)
{
    return userName;
}
```

I know that these are file extensions which are not allowed to be accessed as resources. But is there any other way to make it work other than accepting a parameter as a query string? Can I make it work with attribute routing?

Any lead would be appreciated.

Thanks

_Copied from original issue: dotnet/core#3366_

area-servers question

All 4 comments

@maheshmore2691 you're likely running into IIS's request filtering. https://docs.microsoft.com/en-us/iis/manage/configuring-security/use-request-filtering#filter-based-on-file-extensions has some documentation on configuring it.

/cc @shirhatti \ @jkotalik

Yeah that seems correct. IIS interprets test.master as an extension rather than a path. As @pranavkm mentioned, you can configure which extensions you allow through IIS.

Closing as answered.

@pranavkm Thanks for the quick and detailed answer.

So to make it work either I have to change the IIS configuration on the server or I have to change the endpoint to accept a parameter as a query string.
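
The IIS configuration change discussed in this thread, as an added example that is not from the original issue or the ASP.NET Core project: a `web.config` fragment that lifts the request-filtering extension block only for the API route, so the default deny keeps applying to the rest of the site. The `api/test` path is taken from the URL in the question; the fragment assumes the `requestFiltering` section is not locked at server level and that the denied extensions are inherited from the server-wide configuration.

```xml
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <!-- Scope the exception to the route that carries user names in the path.
       Requests outside api/test still hit the inherited deny entries and
       are rejected with 404.7. -->
  <location path="api/test">
    <system.webServer>
      <security>
        <requestFiltering>
          <fileExtensions>
            <!-- Each inherited deny entry must be removed before it can be
                 re-added as allowed; otherwise IIS reports a duplicate
                 collection entry. -->
            <remove fileExtension=".master" />
            <add fileExtension=".master" allowed="true" />
            <remove fileExtension=".cs" />
            <add fileExtension=".cs" allowed="true" />
            <remove fileExtension=".mdf" />
            <add fileExtension=".mdf" allowed="true" />
          </fileExtensions>
        </requestFiltering>
      </security>
    </system.webServer>
  </location>
</configuration>
```

Every other extension in the server's deny list stays blocked on this route as well, so a user name ending in another filtered extension still returns 404.7 unless it is added here.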
