I'm having a trouble allowing asterisk (*) in the URL of my website. I am running ASP.NET MVC 2 and .NET 4.0.
Here's an example that describes the problem:
http://mysite.com/profile/view/Nice*
The u开发者_运维百科sername is Nice* and ASP.NET says there are illegal characters in the URL:
Illegal characters in path.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.ArgumentException: Illegal characters in path.
I have tried all the Web.config methods I've seen online such as:
<pages validateRequest="false">
and
<httpRuntime requestPathInvalidCharacters="" requestValidationMode="2.0" />
So my question is: Is it possible to allow asterisk in URL? If not, is there some encoding method in .NET that can encode asterisk(*) ?
Thanks!
http://www.w3.org/Addressing/URL/4_URI_Recommentations.html
Other reserved characters
The asterisk ("*", ASCII 2A hex) and exclamation mark ("!" , ASCII 21 hex) are reserved for use as having special signifiance within specific schemes.
The asterisk (*) is a reserved character with special meaning, so it shouldn't be used incorrectly in URIs. Instead, you should percent encode each username before you insert it into the URI.
Under percent encoding, the asterisk character becomes "%2A".
So the complete, correct URI would be: http://example.com/profile/view/Nice%2A
The percent encoding username should be automatically translated back into the original username string for you.
This will not only allow your URI to validate server-side, but also client-side, when your users copy and paste these addresses into their mail programs.
For example, Stack Overflow automatically hyperlinks the safe, percent encoded URI: http:// example.com/profile/view/Nice%2A
But it doesn't fully hyperlink the unsafe version: http:// example.com/profile/?user=username*
The asterisk is not included in the Stack Overflow link--so your user would have ended up the wrong page.
(Sorry I can't demonstrate this--I'm only allowed to included two links in my post.)
You can save yourself a great deal of trouble by always percent encoding data before you insert it into a URI.
My solution was to change it to a query string.
E.g.:
http://mysite.com/profile/?user=username*
That way it seems to work just fine.
I do know that asterisk (*) is a reserved character and thus I shouldn't even allow usernames to have it. But this solves my problem.
精彩评论