This worked fine in IIS 6. Now using IIS 7.5 and cannot figure the problem out. Trying to get a bespoke app working, it's a file manager. When attempting to access files with spaces in the files names IIS encodes the URL as files/This+is+a+filename.doc and throws a cannot find file. I need it to encode the URL as files/This%20is%20a%20filename.doc.
Been looking at URL rewrite but cannot get my head around it.
Any ideas?
You can change url encoding. No need for regular expressions.
Related
I am working on .NET Core 2.2 application (will be upgraded soon). There is a functionality to upload files on the server which can be accessed by other users via a link. Everything works pretty fine. There are checks to prevent files with certain characters including #. The only issue I am having is, client is insisting to allow # in filename. There are no issues when uploading such files, but it doesn't load via link. I get Status Code: 404; Not Found error. This was the issue in legacy site (ASP.NET WebForms) as well where it was showing 404 - File or directory not found..
The URL I get looks like this: /_ClientData/NTTF/Announcements/61/Docs/invalid%20#%20test.pdf
As a last option, I can allow this files and replace # with something else on server, but I am wondering if there is any way to make this work without manipulating filename.
You probably have an Razor page (or equivalent) that dynamically generates the "clickable link".
SUGGESTION: Use HttpUtility.UrlEncode() to explicitly generate the link, as you serve the page.
It should generate something like this:
File Name: invalid # test.pdf
HttpUtility.UrlEncode: invalid%20%23%20test.pdf
I have URLs stored in a database where the spaces are encoded as +.
When the browser requests these urls the web server returns a 404 response.
These URLs are all for static images stored on the web server in the wwwroot folder.
If I manually change the + for %20 then the image is returned correctly.
Is this a deliberate change in ASP.Net Core or is this a bug?
If it's deliberate, then it's going to be very painful for me going through the database and re-encoding all the URLs, many of which are embedded in HTML snippets (I know storing HTML in the DB or having spaces in image files aren't a good idea but it was done long before I joined the company and that's the state we're already in).
I'm using ASP.Net 2.1, running on .Net Framework.
It's running through IIS Express at the moment (during development) but will be deployed with full IIS.
I have seen this other question but it's specifically to do with API calls and the answer doesn't seem to be applicable to my question as there are no routes to change as I'm requesting static image files.
Edit: Extra detail
The html is output using #Html.Raw(html)
The resulting html output to the browser is of the form
<img src="/BorderThemes/grey+4px+rounded+corners_TL.png" />
The Html was generated on the server and then stored in the DB so we can be confident it's safe to output to the browser and, no, I have no idea why anyone would do that rather than building the HTML when it's needed but it was before my time and it's the situation I'm already in.
Update:
I've looked deeper into this and if I enter http://localhost:8000/BorderThemes/grey+4px+rounded+corners_TL.png into my web browser I get a page from IIS saying Http Error 404.11 saying that my URL is double encoded and linking to here for more information. This does include instructions on how to allow double-encoding but with warnings that it can have security consequences.
If I enter the url http://localhost:8000/BorderThemes/grey%204px%20rounded%20corners_TL.png I get an image back.
I was having issues with paths / html stored in the DB but after experimenting, it appears that System.Net.WebUtility.UrlEncode encodes spaces as +. For example WebUtility.UrlEncode("foo bar.png") returns foo+bar.png, which is rejected as double-encoded by IIS.
Am I missing something or is Microsoft's function for encoding URLs encoding the URLs in a way that Microsoft's web server rejects?
If you want %20 instead of + tryusing EscapeDataString to encode URI :
Uri.EscapeDataString(someString);
Refer https://stackoverflow.com/a/50682381/704008
But you have already generated url & can'e do anything now so try using HtmlDecode like
System.Net.WebUtility.HtmlDecode.HtmlDecode(html);
I am not sure it best to use with Raw or some method exists like decode in #Html but try using :
#Html.Raw(System.Net.WebUtility.HtmlDecode(html))
Refer:
https://learn.microsoft.com/en-us/dotnet/api/system.net.webutility?view=netstandard-2.0
https://learn.microsoft.com/en-us/dotnet/api/system.net.webutility.urldecode?view=netstandard-2.0#System_Net_WebUtility_UrlDecode_System_String_
I'm using an old nopcommerce 1.90
When i'm trying to access admin panel it generates very long url in all admin pages...
For example: www.mynopcommercestore.com/(F(rdJxygsKRvgH2-aXCIZR0C3pi39UpnKohhHrrbT1ATunvMt4FfV88V0ebEUgb_XXiUkww8KnBeaG66D6wjA82Kl4UsbeUHmBQN2Pp0fn08yISQ6wyjuFhPZFC-5AiXJuTPvTdDEgf7wCucjqc6hPhK_d-GuuNrpSQklM7tjy4kybCjFA4i15IEGfu8tNUWOV9lCqJBEJuE0CXV96XVhHY2n-ykKlQUxLkoVC49txwzls2iMU0))/administration/ProductDetails.aspx?ProductId=563
What is this "strange" string? cookieless? (i have already set it to false)
I'm getting an error when i'm trying to upload an image in ckeditor
(The server didn't reply with a proper XML data. Please check your configuration.)
XML request error: Request-Uri Too Long (I have also set in web.config maxUrlLength="2097151")
But when i remove this "strange" string from url it uploads well.
Could someone help? How to avoid this long url in system?
Kind Regards
You should disable "Cookieless Sessions" in web.config file. Please find more info here
I have written code required for url rewriting of
[mywebsitename].com?type=pages&id=22
as
[mywebsitename].com/pages/224.
Now my question is, can i use
[mywebsitename].com/pages/224?task=5
so that i can use
Request.Querystring["task"]
in my code?
I am not up to date on IIS but last time I used it I had to install URL rewrite module in IIS (not sure if ships fro the getgo in newer version) but here is quick tutorial
http://www.iis.net/learn/extensions/url-rewrite-module/using-rewrite-maps-in-url-rewrite-module
With URL Rewrite you can still read the query string the traditional way.
I am trying to send a request to an url like this "http://mysite.dk/tværs?test=æ" from an asp.net application, and I am having trouble getting the querystring to encode correctly. Or maybe the querystring is encoded correctly, the service I am connecting to just doesn't understand it correctly.
I have tried to send the request with different browsers and logging how they encode the request with Wireshark, and I get these results:
Firefox: http://mysite.dk/tv%C3%A6rs?test=%E6
Ie8: http://mysite.dk/tv%C3%A6rs?test=\xe6
Curl: http://mysite.dk/tv\xe6rs?test=\xe6
Both Firefox, IE and Curl receive the correct results from the service. Note that they encode the danish special character 'æ' differently in the querystring.
When I send the request from my asp.net application using HttpWebRequest, the URL gets encoded this way:
http://mysite.dk/tv%C3%A6rs?test=%C3%A6
It encodes the querystring the same way as the path part of the url. The remote service does not understand this encoding, so I don't get a correct answer.
For the record, 'æ' (U+00E6) is %E6 in ISO-LATIN-1, and %C3%A6 in UTF-8.
I could change the remote service to accept the UTF-8 encoded querystring, but then the service would stop working in browsers and I am not really interested in that. Is there a way to specify to .NET that it shouldn't encode querystrings with UTF-8?
I am creating the webrequest like this:
var req = WebRequest.Create("http://mysite.dk/tværs?test=æ") as HttpWebRequest;
But the problem seems to originate from System.Uri which is apparently used inside WebRequest.Create:
var uri = new Uri("http://mysite.dk/tværs?test=æ");
// now uri.AbsolutePath == "http://mysite.dk/tv%C3%A6rs?test=%C3%A6"
It looks like you're applying UrlEncode over the entire URL - this isn't correct, paths and query strings are encoded differently as you've seen. What is doing the encoding of the URI, WebRequest?
You could manually build the various parts using a UriBuilder, or manually encode using UrlPathEncode for the path and UrlEncode for the query string names and values.
Edit:
If the problem lies in the path, rather than the query string you could try turning on IRI support, via web.config
<configuration>
<uri>
<iriParsing enabled="true" />
</uri>
</configuration>
That should then leave international characters alone in the path.
Have you tried the UrlEncode?
http://msdn.microsoft.com/en-us/library/zttxte6w.aspx
I ended up changing my remote webservice to expect the querystring to be UTF-8 encoded. It solves my immediate problem, the webservice can not be correctly called by both PHP and the .NET framework.
However, the behavior is now strange in browsers. Copy pasting an url like "http://mysite.dk/tv%C3%A6rs?test=%C3%A6" into the browser and then pressing return works, it even corrects the encoded characters and displays the location as "http://mysite.dk/tværs?test=æ". If then reload the page (F5) it still works. But if I click on the location bar and press return again, the querystring will become encoded with latin-1 and fail.
For anyone interested here is an old Firefox bugreport about the problem: https://bugzilla.mozilla.org/show_bug.cgi?id=284474 (thanks to #dtb)
So, it seems there is no good solution.
Thanks to everyone who helped though!