9

I have a controller in an MVC 4 .NET application that receives a string as a parameter from an URL. This comes from an aspx page redirected to the controller in Route.config.

If I send this value for the parameter in the client: fwdgerhb+bhrth+ftrgbhrt

I get the following value at the server: fwdgerhb bhrth ftrgbhrt

The server is interpreting the URL parameter value as an encoded URL and replaces + by . But it has not been URL encoded. This will occur for other combinations of special chars if they appear in the parameter value.

Is there a config parameter in IIS Server to configure the server to not try to URL-decode this value?

Example Request:

mypage.aspx?value=cat+dog    (NOT ENCODED)

Route Config

static void RegisterRoutes(RouteCollection routes)
{
    routes.MapRouteLowercase(
        name: "MyRouter",
        url: "mypage.aspx",
        defaults: new { controller = "My", action = "DoLog" }
    );
}

The controller:

public class MyController : Controller
{
    [AllowAnonymous]
    public ActionResult DoLog(string value)
    {
        //Here value has "cat dog"
    }
}
Improve this question
6
  • Your controller is written in VB.Net or C#? Can you post the code please? Commented Oct 3, 2014 at 14:14
  • Is C#. I posted it, but I think it doesn't matter, it's not a code issue, I have to send the parameter without encode it, so I only need how to make the server know that the URL comes without encoding. Commented Oct 3, 2014 at 14:21
  • What is your requirement? Is it to get the encoded parameter back e.g: fwdgerhb+bhrth+ftrgbhr in which case why don't you UrlEncode it yourself? Commented Oct 3, 2014 at 14:23
  • Because I'have distributed old code without encoding this value, and the controller has to be compatible with it Commented Oct 3, 2014 at 14:25
  • 1
    @Dani so whats stopping you encoding it when it hits the controller assuming that's what you want to do (you haven't clarified)? Commented Oct 3, 2014 at 14:30

2 Answers 2

Reset to default
16

You can use the following to grab the query-string manually from the controller:

Request.QueryString.Get("value");

Or, to get it from the view:

Html.ViewContext.HttpContext.Request.QueryString.Get("value");

But honestly, why not just encode the string yourself before you send it through the routing:

HttpUtility.UrlEncode(value);

and then when you get the the value again:

HttpUtility.UrlDecode(value);

So that way you have control of your string

Update

You can also do the following to allow your routeConfig to allow the "+" attribute:

<location path="CustomHttpHandler">
  <system.webServer>
    <security>
      <requestFiltering allowDoubleEscaping="true" />
    </security>
  </system.webServer>
</location>

Here is a question that tells you the ups and downs of turning this on and off: Is Enabling Double Escaping Dangerous?

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

Because I'have distributed old client code without encoding this value, and the controller has to be compatible with it. Going to try your solution.
Not, I also get the "+" sign as spaces
Than your string is still not being encoded before being put into the URL. When I try to send in the string 1+2 using HttpUtility.UrlEncode("1+2"); I get 1%252b2 which then turns back into 1+2 when I do HttpUtility.UrlDecode("1%252b2");. Is there no way you can modify what values coming in?
It's not only the "+", it's any character, the value is an encrypted string
10

Yes, MVC automatically URL decodes action parameters, but you can still access the URL encoded version through a query string. As you can see in this question: Is MVC2 ASP.Net URLDecoding automatically?

You can also try to access a server variable named UNENCODED_URL. More information about this scenario can be found here: URL Rewrite Module Configuration Reference

Improve this answer

8 Comments

There's a config parameter to avoid this behavior or I have to URL encode it again in the controller to obtain the correct value?
I don´t know about the existence of any config parameter to avoid this. And you cal also use var unicornName = requestQuery["value"]; with needing to urlEncode it again
I tried now to URL Encoding it on server, but the encoding done is diferent to the URL Decoding done by the MVC framework. For example. If I receive the string "/" it remains as "/" when MVC decodes it, but URL-Encoding it again, I get "%2f", so it's not valid...
You probalbly dont the need this but..... you can also try to acess a server variable named UNENCODED_URL. More information about this scenario can be found here: iis.net/learn/extensions/url-rewrite-module/…
Yes, readingn UNENCODED_URL I can get the correct value, many thanks
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.