在下面测试我的代码时,如下所示:
http://localhost:49494/api/DownloadFile/q%3a%5cLetters%5cOnlineReminder.pdf
导致此异常:
从客户端检测到潜在的危险Request.Path值
像这样:
http://localhost:49494/api/DownloadFile?q%3a%5cLetters%5cOnlineReminder.pdf
函数中文档(FullPath)的路径为null。
这是代码:
[HttpGet]
[Route("api/DownloadFile/{*FullPath}")]
public IHttpActionResult DownloadFile(string FullPath)
{
if (FullPath == null)
return NotFound();
System.IO.MemoryStream Stream = _ArchiveRepository.GetDownloadStream(FullPath);
return new MemoryStreamResult(Stream, "application/octet-stream");
}
我也编码了MemoryStreamresult。
最佳答案
斯科特·汉塞尔曼(Scott Hanselman)在http://www.hanselman.com/blog/ExperimentsInWackinessAllowingPercentsAnglebracketsAndOtherNaughtyThingsInTheASPNETIISRequestURL.aspx中对此进行了撰写。您可能要检查web.config中节点的requestPathInvalidCharacters属性。符号%默认情况下是无效字符
也许您应该尝试以这种形式请求yourlocal / api / DownloadFile /?FullPath = q%3a%5cLetters%5cOnlineReminder.pdf,否则请从requestPathInvalidCharacters中删除字符