当URL数据中的冒号成为WCF时,其拒绝请求并带有“ 400 Bad Request”
[英]WCF rejecting request with “400 Bad Request” when their is a colon in the URL data
问题描述
I'm trying something pretty simple using a self hosted WCF service , and I can't believe I've spent half a day just trying to get this to work. 
我正在尝试使用自托管WCF服务进行一些非常简单的操作,而且我不敢相信我花了半天的时间才尝试使它工作。
I've got a UriTemplate for the following endpoint. 我有以下端点的UriTemplate。
[WebGet(UriTemplate="{documentName}?catalog={catalog}")]
DocData FindJobInfo(string documentName, string catalog);
And it rejects requests to it with a "400 Bad Request" error when I try to hit it with a URL that has colons in the docuementName parameter. 当我尝试使用在docuementName参数中带有冒号的URL对其进行命中时,它将拒绝出现“ 400错误请求”错误的请求。 An actual example follows: 一个实际的例子如下:
http://localhost:59982/dms/:Q9:m:w:x:h:~140410145342551.nev?catalog=test
For those of you who are about to say "UrlEncode it". 对于那些将要说“ UrlEncode it”的人。 It also fails with this request: 该请求也失败:
http://localhost:59982/dms/%3AQ9%3Am%3Aw%3Ax%3Ah%3A~140410145342551.nev?catalog=test
However ... if i replace all the colons with semi colons in the documentName ... it works: 但是 ...如果我在documentName中将所有冒号替换为半冒号...则可以:
http://localhost:59982/dms/;Q9;m;w;x;h;~140410145342551.nev?catalog=test
What in the world? 到底是什么? Also, the first URL format should work just fine because I can hit a vendors site using that same documentName with colons and all and it works fine. 另外,第一种URL格式应该可以正常工作,因为我可以使用带有冒号和all的相同documentName来访问供应商站点,并且可以正常工作。 I've even tried adding the following to the web.config and it still doesn't work: 我什至尝试将以下内容添加到web.config中,但仍然不起作用:
<system.web>
<httpRuntime requestPathInvalidCharacters="" />
<compilation debug="true" targetFramework="4.0" />
</system.web>
EDIT 编辑
I've had a response claiming that colons simply aren't valid in the URL, yet I hit vendor endpoints with them just fine. 我收到了一个回复,声称冒号在URL中根本无效,但是我用它们打了供应商的端点就好了。 Here is an example: 这是一个例子:
https://api.site.company.com/v1/Document/:Q9:m:w:x:h:~140410145342551.nev/info
This is an exact REST call with the company name changed for privacy. 这是确切的REST调用,更改了公司名称以保护隐私。 I have no problems retrieving data from this endpoint. 我从该端点检索数据没有问题。 I don't see why they would choose such a crazy looking ID to address their resources. 我不明白为什么他们会选择如此疯狂的ID来解决他们的资源。 But they did, and it works for them. 但是他们做到了,并且对他们有用。 Why can't I get my endpoints to accept them. 为什么我无法让端点接受它们。
1 个解决方案
解决方案1
0 2014-07-11 08:42:58
The issue is caused by ASP.NET/IIS settings. 此问题是由ASP.NET/IIS设置引起的。 As standard, the following characters are not allowed in the URL for some security and mechanism reasons: 作为标准,出于安全和机制方面的原因,URL中不允许使用以下字符:
- < <
- > >
- * *
- % %
- : :
- & 和
- \\ \\
You can either allow all characters, as stated here , or just remove the colon character, like this: 您可以按照此处所述允许所有字符,也可以仅删除冒号字符,如下所示:
requestPathInvalidCharacters="<,>,*,%,&,\"
You can read furhter information and the risks about this behavior in this article by Scott Hanselman on his blog. 您可以在Scott Hanselman在其博客上的这篇文章中阅读更多信息以及有关此行为的风险 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.