How to solve error "A potentially dangerous Request.Path value was detected from the client (:)."

Errammagari, Sai 20 Reputation points
2024-01-23T13:09:11.3266667+00:00

I am trying to fetch binaries/files from Artifacts --> Package using API call. URL: GET https://feeds.dev.azure.com/TTLDevOps/CI-CD_Sandbox/_apis/packaging/Feeds/Universal_Artifacts3/packages/MavenProject.Automationtesting:Automationtesting/versions/latest/files?api-version=7.2-preview.1 Where Package name is "MavenProject.Automationtesting:Automationtesting"

But in response I am getting error as below:

{
    "$id": "1",
    "innerException": null,
    "message": "A potentially dangerous Request.Path value was detected from the client (:).",
    "typeName": "System.Web.HttpException, System.Web",
    "typeKey": "HttpException",
    "errorCode": 0,
    "eventId": 0
}


This seems to be because of : in the URL (Name of Package). One solution to replace : with %3A didn't work in my case. Can anyone suggest a solution for this case.

ASP.NET API
ASP.NET API
ASP.NET: A set of technologies in the .NET Framework for building web applications and XML web services.API: A software intermediary that allows two applications to interact with each other.
279 questions
0 comments No comments
{count} votes

Accepted answer
  1. Lan Huang-MSFT 22,906 Reputation points Microsoft Vendor
    2024-01-24T02:53:03.81+00:00

    Hi @Errammagari, Sai, Asp.Net 4.0+ comes with a very strict built-in request validation, part of it is the potential dangerous characters in the url which may be used in XSS attacks. Here are default invalid characters in the url : < > * % & : \ ? You'd better avoid using characters like "?" . You can try these settings in your web.config file:

    <system.web>
        <httpRuntime requestPathInvalidCharacters="" requestValidationMode="2.0" />
        <pages validateRequest="false" />
    </system.web>
    

    or you can change this behavior in your config file:

    <system.web>
        <httpRuntime requestPathInvalidCharacters="<,>,*,%,&,:,\,?" />
    </system.web>
    

    Best regards,
    Lan Huang


    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful