Allow colon (:) in URL for ASP.NET Core in IIS/Azure

by

I’ve got an ASP.NET Core app that I’m deploying to Azure that takes in a string in the URL that contains colon (a time stamp).

For example: http://localhost:5000/Servers/208.100.45.135/28000/2017-03-15T07:03:43+00:00, or http://localhost:5000/Servers/208.100.45.135/28000/2017-03-15T07%3a03%3a43%2B00%3a00 URL-encoded.

This works perfectly fine when running locally using Kestrel (dotnet run), but after deploying to Azure I receive this error: The resource you are looking for has been removed, had its name changed, or is temporarily unavailable.

A quick search reveals that it’s due to invalid characters being used in the URL, namely the colon. The traditional fix is to add this section to web.config:

 <system.web>
     <httpRuntime requestPathInvalidCharacters="" />
 </system.web>

However, after adding this to my web.config on Azure, I observe no change. I imagine this is due to differences in ASP.NET Core’s hosting model.

Here is my current web.config:

<configuration>
    <system.web>
        <httpRuntime requestPathInvalidCharacters=""/>
        <pages validateRequest="false" />
    </system.web>
    <system.webServer>
        <handlers>
        <add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModule" resourceType="Unspecified" />
        </handlers>
        <aspNetCore processPath="dotnet" arguments=".Server.dll" stdoutLogEnabled="false" stdoutLogFile=".logsstdout" forwardWindowsAuthToken="false" />
    </system.webServer>
</configuration>

And the relevant controller header…

[HttpGet]
[Route("{serverIpAddress}/{serverPort}/{approxMatchStartTimeStr}")]
public IActionResult GetMatchEvents(string serverIpAddress, string serverPort, DateTimeOffset approxMatchStartTimeStr)
{
    ...
}

How can I get IIS/Azure to allow the colon character in URLs?

Contents hide
Answers:
Method 1

Answers:

Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.

Method 1

The issue you’re running into isn’t related to the colon (:) in the path, it’s really the plus (+) that IIS doesn’t like. It doesn’t matter if the plus is encoded as “+” or “%2B”. You have two options:

  1. Move the plus/DateTimeOffset from the path to the query string where IIS doesn’t mind it.
  2. Configure the IIS request filtering module to “allowDoubleEscaping”.

Example web.config:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
    <system.webServer>
        <security>
            <requestFiltering allowDoubleEscaping="true" />
        </security>
        <handlers>
            <add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModule" resourceType="Unspecified" />
        </handlers>
        <aspNetCore processPath="dotnet" arguments=".Server.dll" stdoutLogEnabled="false" stdoutLogFile=".logsstdout" forwardWindowsAuthToken="false" />
    </system.webServer>
</configuration>

The system.web section of your current web.config isn’t relevant to ASP.NET Core.


All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0

0 0 votes
Article Rating
Subscribe
Notify of
guest

0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x