In my ASP.NET MVC 4 application I have an action on controller that gets URL string as a parameter:
public ActionResult Get(string url)
{
var hash = TextUtil.GenerateShortStringHash(url);
...
return Content(html, "text/html");
}
The request looks like this: http://localhost:37779/api/get/http:%2F%2Fwww.mysite.com
But on some level application automatically replaces double slashes with single one.
Where does this happen? Is there any way to prevent such behavior? Thanks.
My suspicion is that because it's part of the hierarchical portion of the URL it's automatically converting the double slashes to a single slash because double slashes aren't allowed in that portion of the URL. Because URLs contain characters that aren't allowed in the hierarchical portion of the URL, it's best to specify it (suitably encoded) as part of the query string (if a GET request) or in the form parameters (for a POST).
http://localhost:37779/api/get/?url=http:%2F%2Fwww.mysite.com
I completely agree with #tvanfosson that such special characters should be passed as a query string parameter instead of using the path portion of the url. Scott Hanselman wrote a nice blog post explaining the challenges you will face if you attempt to pass such characters.
This being said, you could make it work using double encoding:
http://localhost:37779/api/get/http%253A%252F%252Fwww.mysite.com
and in your controller action:
public ActionResult Get(string url)
{
var hash = TextUtil.GenerateShortStringHash(HttpUtility.UrlDecode(url));
...
return Content(html, "text/html");
}
In order for this to work you need to add the following to your web.config to enable double encoding:
<system.webServer>
<security>
<requestFiltering allowDoubleEscaping="true"/>
</security>
</system.webServer>
and also explicitly define the invalid characters so that : and / are not part of them or you will get 400 Bad Request:
<system.web>
<httpRuntime requestPathInvalidCharacters="<,>" />
</system.web>
I am trying to access the Session in Controllers which are part of a webform project. All the session variables are set on ASPX pages
Session["SESSION_KEY_UI_CULTURE"] = ddlLanguage.SelectedValue;
Now on API request from client i need to read Session Variables and perform a task but Session is always null.
[RoutePrefix("api/accounts")]
public class AccountsController : ApiController
{
[Route("config")]
[HttpGet]
public IHttpActionResult GetCompanyConfig()
{
if(HttpContext.Current.Session != null)
{
//Session is always NULL
}
return Ok();
}
}
I have tried removing and adding SessionStateModule in WebConfig file
<remove name="Session" />
<add name="Session" type="System.Web.SessionState.SessionStateModule"/>
ASP.NET Web Api is meant for REST Services which are by definition stateless. Adding the Session back into Web Api defeats the purpose of having a RESTful API.
You may want to reconsider what you're trying to achieve and find another way to solve your Problem.
But there is a way to do what you want:
To activate Session nontheless add the following to your Global.asax
C#
protected void Application_PostAuthorizeRequest() {
HttpContext.Current.SetSessionStateBehavior(SessionStateBehavior.Required);
}
VB
Sub Application_PostAuthorizeRequest()
HttpContext.Current.SetSessionStateBehavior(SessionStateBehavior.Required)
End Sub
Here and here are 2 Topics that are going into the same direction which you might want to look at for further information
I have an ASP.NET MVC3 application with an action filter attribute applied to a controller:
public class MyFilterAttribute : ActionFilterAttribute
{
public override void OnActionExecuting(
ActionExecutingContext filterContext)
{
filterContext.HttpContext.Response.Headers.Add(
"MyFilterAttribute", "entered" );
}
public override void OnResultExecuted(
ResultExecutedContext filterContext)
{
filterContext.HttpContext.Response.Headers.Add(
"MyFilterAttribute", "exited" );
}
}
[MyFilter]
public class MyController : Controller
{
public ActionResult MyAction()
{
return new EmptyResult();
}
}
MVC routing maps /MyPath/MyAction to the controller-action pair above.
and the client code invokes https://my.company.com/MyPath/MyAction and dumps the response headers.
Initially it works - I see that the response received on the client contains two MyFilterAttribute headers as expected.
Then I add a location element to web.config:
<configuration>
// lots of stuff, then
<location path="MyPath">
<system.webServer>
<security>
<access sslFlags="SslNegotiateCert"/>
</security>
</system.webServer>
</location>
</configuration>
and once I redeploy with these changes the response headers no longer contain the two MyFilterAttribute items.
Adding location to web.config is the only change. Once I remove it the old expected behavior is back.
It looks like adding a location elements somehow breaks MVC attributes.
What might be causing this behavior?
sslFlags="SslNegotiateCert" requests that IIS opens a mutually verified channel which is not the default behavior. I looked into IIS logs and it's HTTP 403.16 (client certificate untrusted) all the time. Because the client certificate is self-signed IIS doesn't trust it and so fails to open a mutually verified channel.
Either I have to not use SslNegotiateCert (and then the client certificate is not passed to application code) or I need a certificate which IIS trusts (this answer explains how that can be achieved).
This error is very common, and I tried all of the solutions and non of them worked. I have disabled WebDAV publishing in control panel and added this to my web config file:
<handlers>
<remove name="WebDAV"/>
</handlers>
<modules runAllManagedModulesForAllRequests="true">
<remove name="WebDAVModule"/>
</modules>
The error still persists. This is the controller:
static readonly IProductRepository repository = new ProductRepository();
public Product Put(Product p)
{
return repository.Add(p);
}
Method implementation:
public Product Add(Product item)
{
if (item == null)
{
throw new ArgumentNullException("item");
}
item.Id = _nextId++;
products.Add(item);
return item;
}
And this is where the exception is thrown:
client.BaseAddress = new Uri("http://localhost:5106/");
client.DefaultRequestHeaders.Accept.Add(
new MediaTypeWithQualityHeaderValue("application/json"));
var response = await client.PostAsJsonAsync("api/products", product);//405 exception
Any suggestions?
You are POSTing from the client:
await client.PostAsJsonAsync("api/products", product);
not PUTing.
Your Web API method accepts only PUT requests.
So:
await client.PutAsJsonAsync("api/products", product);
I had the same exception. My problem was that I had used:
using System.Web.Mvc; // Wrong namespace for HttpGet attribute !!!!!!!!!
[HttpGet]
public string Blah()
{
return "blah";
}
SHOULD BE
using System.Web.Http; // Correct namespace for HttpGet attribute !!!!!!!!!
[HttpGet]
public string Blah()
{
return "blah";
}
My problem turned out to be Attribute Routing in WebAPI. I created a custom route, and it treated it like a GET instead of WebAPI discovering it was a POST
[Route("")]
[HttpPost] //I added this attribute explicitly, and it worked
public void Post(ProductModel data)
{
...
}
I knew it had to be something silly (that consumes your entire day)
I tried many thing to get DELETE method work (I was getting 405 method not allowed web api) , and finally I added [Route("api/scan/{id}")] to my controller and was work fine.
hope this post help some one.
// DELETE api/Scan/5
[Route("api/scan/{id}")]
[ResponseType(typeof(Scan))]
public IHttpActionResult DeleteScan(int id)
{
Scan scan = db.Scans.Find(id);
if (scan == null)
{
return NotFound();
}
db.Scans.Remove(scan);
db.SaveChanges();
return Ok(scan);
}
This error can also occur when you try to connect to http while the server is on https.
It was a bit confusing because my get-requests were OK, the problem was only present with post-requests.
Chrome often times tries to do an OPTIONS call before doing a post. It does this to make sure the CORS headers are in order. It can be problematic if you are not handling the OPTIONS call in your API controller.
public void Options() { }
I'm late to this party but as nothing above was either viable or working in most cases, here is how this was finally resolved for me.
On the server the site/service was hosted on, a feature was required!
HTTP ACTIVATION!!!
Server Manager > Manage > Add Roles and Features > next next next till you get to Features > Under .NET (each version) tick HTTP Activation.
Also note there is one hidden under >net > WCF Services.
This then worked instantly!
That was melting my brain
I was getting the 405 on my GET call, and the problem turned out that I named the parameter in the GET server-side method Get(int formId), and I needed to change the route, or rename it Get(int id).
You can also get the 405 error if say your method is expecting a parameter and you are not passing it.
This does NOT work ( 405 error)
HTML View/Javascript
$.ajax({
url: '/api/News',
//.....
Web Api:
public HttpResponseMessage GetNews(int id)
Thus if the method signature is like the above then you must do:
HTML View/Javascript
$.ajax({
url: '/api/News/5',
//.....
If you have a route like
[Route("nuclearreactors/{reactorId}")]
You need to use the exact same parameter name in the method e.g.
public ReactorModel GetReactor(reactorId)
{
...
}
If you do not pass the exact same parameter you may get the error "405 method not allowed" because the route will not match the request and WebApi will hit a different controller method with different allowed HTTP method.
This does not answer your specific question, but when I had the same problem I ended up here and I figured that more people might do the same.
The problem I had was that I had indeliberately declared my Get method as static. I missed this an entire forenoon, and it caused no warnings from attributes or similar.
Incorrect:
public class EchoController : ApiController
{
public static string Get()
{
return string.Empty;
}
}
Correct:
public class EchoController : ApiController
{
public string Get()
{
return string.Empty;
}
}
Here is one solution:
<handlers accessPolicy="Read, Script">
<remove name="WebDAV" />
</handlers>
learn.microsoft.com solution article
and remove WebDAV from modules
<remove name="WebDAVModule" />
[HttpPost] is unnecessary!
[Route("")]
public void Post(ProductModel data)
{
...
}
I could NOT solve this. I had CORS enabled and working as long as the POST returned void (ASP.NET 4.0 - WEBAPI 1). When I tried to return a HttpResponseMessage, I started getting the HTTP 405 response.
Based on Llad's response above, I took a look at my own references.
I had the attribute [System.Web.Mvc.HttpPost] listed above my POST method.
I changed this to use:
[System.Web.Http.HttpPostAttribute]
[HttpOptions]
public HttpResponseMessage Post(object json)
{
...
return new HttpResponseMessage { StatusCode = HttpStatusCode.OK };
}
This fixed my woes. I hope this helps someone else.
For the sake of completeness, I had the following in my web.config:
<httpProtocol>
<customHeaders>
<clear />
<add name="Access-Control-Expose-Headers " value="WWW-Authenticate"/>
<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Allow-Methods" value="GET, POST, OPTIONS, PUT, PATCH, DELETE" />
<add name="Access-Control-Allow-Headers" value="accept, authorization, Content-Type" />
<remove name="X-Powered-By" />
</customHeaders>
</httpProtocol>
Old question but none of the answers worked for me.
This article solved my problem by adding the following lines to web.config:
<system.webServer>
<modules runAllManagedModulesForAllRequests="false">
<remove name="WebDAVModule" />
</modules>
</system.webServer>
In my case I had a physical folder in the project with the same name as the WebAPI route (ex. sandbox) and only the POST request was intercepted by the static files handler in IIS (obviously).
Getting a misleading 405 error instead of the more expected 404, was the reason it took me long to troubleshoot.
Not easy to fall-into this, but possible. Hope it helps someone.
Make sure your controller inherits from Controller class.
It might even be crazier that stuff would work locally even without that.
For my part my POST handler was of this form:
[HttpPost("{routeParam}")]
public async Task<ActionResult> PostActuality ([FromRoute] int routeParam, [FromBody] PostData data)
I figured out that I had to swap the arguments, that is to say the body data first then the route parameter, as this:
[HttpPost("{routeParam}")]
public async Task<ActionResult> PostActuality ([FromBody] PostData data, [FromRoute] int routeParam)
check in your project .csproj file and change
<IISUrl>http://localhost:PORT/</IISUrl>
to your website url like this
<IISUrl>http://example.com:applicationName/</IISUrl>
Another possible issue which causes the same behavior is the default parameters in the routing. In my case the controller was located and instantiated correctly, but the POST was blocked because of default Get action specified:
config.Routes.MapHttpRoute(
name: "GetAllRoute",
routeTemplate: "api/{controller}.{ext}"/*,
defaults: new { action = "Get" }*/ // this was causing the issue
);
I was having exactly the same problem. I looked for two hours what was wrong with no luck until I realize my POST method was private instead of public .
Funny now seeing that error message is kind of generic. Hope it helps!
We had a similar issue. We were trying to GET from:
[RoutePrefix("api/car")]
public class CarController: ApiController{
[HTTPGet]
[Route("")]
public virtual async Task<ActionResult> GetAll(){
}
}
So we would .GET("/api/car") and this would throw a 405 error.
The Fix:
The CarController.cs file was in the directory /api/car so when we were requesting this api endpoint, IIS would send back an error because it looked like we were trying to access a virtual directory that we were not allowed to.
Option 1: change / rename the directory the controller is in
Option 2: change the route prefix to something that doesn't match the virtual directory.
In my case, the 405 error only showed up in production server, and not on my dev machine.
I found that the problem was due to the fact that I simply "manually" transferred the contents of the locally published folder from my local machine to the online production server.
So, the FIX for me was to simply delete all the online files on the prod server, and then use the "Publish" option on Visual Studio to publish directly from my local machine to the prod server via FTP.
I don't know exactly why this changed something, because it seems to me the files were the same, but this thing fixed the problem and I hope it could help someone else too.
Another possible cause can be to do with Session State config in IIS causing a redirect which appends "?AspxAutoDetectCookieSupport=1" to the URL. In my case I was performing a POST but the redirect was being performed as a GET by the HttpClient.
The solution I found was to add the following to my web.config:
<system.web>
<sessionState cookieless="UseCookies" />
</system.web>
Function names make it complicated for c# sometimes. Change name of the function, it will works. Like ProductPut instead of PutProduct or Put.
public Product ProductPut(Product p)
{
return repository.Add(p);
}
I have an MVC method:
public void PushFile([FromBody]FileTransport fileData)
Class is:
public class FileTransport
{
public string fileData;
}
In fileData I put byte[] from a file converted into a string (UTF-8), so the string can be large.
Problem is: if the string is too large (somewhere above 15000 characters) the fileData parameter is null. If the string is not that large, everything works fine and the parameter is as it should be.
How can I allow MVC to accept larger strings, or do I need to compress the string somehow beforehand?
EDIT:
Already tried:
<system.web.extensions>
<scripting>
<webServices>
<jsonSerialization maxJsonLength="2147483644"/>
</webServices>
</scripting>
</system.web.extensions>
But does not work. Maybe because MVC uses JSON.NET instead of the normal JsonSerializer?
Did you try to increase max length of the request?
<system.web>
<httpRuntime maxRequestLength="{REQUEST_LENGTH}"/>
<system.web>
Simple Point is - you dont put the string into the URL. Simple like that. Add it as payload. URL's are ressource locators, not "Content carriers".
I figured out it had nothing to do with content length. If seems like the Json does not encode properly with some characters on the sender's side, that's when MVC controller recieved null.