You must Sign In to post a response.
  • Category: Sharepoint

    A potentially dangerous Request.Path value was detected from the client (:).

    --- My c# code to access sharepoint 2013 rest api to upload file share point,

    But i am getting error - A potentially dangerous Request.Path value was detected from the client (:).



    //Create a namespace manager for parsing the ATOM XML returned by the queries.
    XmlNamespaceManager xmlnspm = new XmlNamespaceManager(new NameTable());

    //Add pertinent namespace to the namespace manager.
    xmlnspm.AddNamespace("d", "http://schemas.microsoft.com/ado/2007/08/dataservices");

    //Execute a REST request to get the form digest. All POST requests that change the state of resources on the host
    //Web require the form digest in the request header.

    HttpWebRequest contextinfoRequest =
    (HttpWebRequest)HttpWebRequest.Create("http://testserver:10050/" + "/_api/contextinfo");
    contextinfoRequest.Method = "POST";
    contextinfoRequest.ContentType = "text/xml;charset=utf-8";
    contextinfoRequest.ContentLength = 0;
    contextinfoRequest.Credentials = System.Net.CredentialCache.DefaultCredentials;

    //contextinfoRequest.Credentials = new NetworkCredential("anagaman", "israel20~14", "chinta.net");

    //contextinfoRequest.Headers.Add("Authorization", "Bearer " + accessToken);


    HttpWebResponse contextinfoResponse = (HttpWebResponse)contextinfoRequest.GetResponse();
    StreamReader contextinfoReader = new StreamReader(contextinfoResponse.GetResponseStream(), System.Text.Encoding.UTF8);
    var formDigestXML = new XmlDocument();
    formDigestXML.LoadXml(contextinfoReader.ReadToEnd());
    var formDigestNode = formDigestXML.SelectSingleNode("//d:FormDigestValue", xmlnspm);
    string formDigest = formDigestNode.InnerXml;

    string srcUrl = @"D:\VisCore\VS.VisCore.Website\Images\Viscore_Status.docx";

    var a = "http://testserver:10050/_api/web/GetFolderByServerRelativeUrl('/VisCore/BSDocs/Documents/1754/')/Files/add(url=" + srcUrl + ",overwrite=true)";

    //HttpWebRequest endpointRequest3 = (HttpWebRequest)HttpWebRequest.Create("http://testserver:10050/_api/web/GetFolderByServerRelativeUrl('/VisCore/BSDocs/Documents/1754/')/Files/add(url=" + srcUrl + ",overwrite=true)");

    HttpWebRequest endpointRequest3 = (HttpWebRequest)HttpWebRequest.Create("http://testserver:10050/_api/web/GetFolderByServerRelativeUrl('/VisCore/BSDocs/Documents/1754/')/Files/add(url=" + srcUrl + ",overwrite=true)");

    //HttpWebRequest endpointRequest3 = (HttpWebRequest)HttpWebRequest.Create("http://testserver:10050/_api/web/GetFolderByServerRelativeUrl('/VisCore/BSDocs/Documents/1754/')/Files");

    //http://site url/_api/web/GetFolderByServerRelativeUrl('/Folder Name')/Files/add(url='a.txt',overwrite=true)
    endpointRequest3.Method = "POST";

    endpointRequest3.Credentials = System.Net.CredentialCache.DefaultCredentials;
    //endpointRequest3.Credentials = new NetworkCredential("anagaman", "israel20~14", "chinta.net");

    if (!File.Exists(srcUrl))
    {
    throw new ArgumentException(String.Format("{0} does not exist",
    srcUrl), "srcUrl");
    }

    FileStream fStream = File.OpenRead(srcUrl);
    string fileName = fStream.Name.Substring(3);
    byte[] contents = new byte[fStream.Length];
    fStream.Read(contents, 0, (int)fStream.Length);
    fStream.Close();

    endpointRequest3.ContentLength = contents.Length;
    endpointRequest3.Headers.Add("X-RequestDigest", formDigest);

    try
    {
    Stream listRequestStream = endpointRequest3.GetRequestStream();
    listRequestStream.Write(contents, 0, contents.Length);
    listRequestStream.Close();
    HttpWebResponse listResponse = (HttpWebResponse)endpointRequest3.GetResponse();
    }
    catch (WebException e)
    {
    using (WebResponse response = e.Response)
    {
    HttpWebResponse httpResponse = (HttpWebResponse)response;
    Console.WriteLine("Error code: {0}", httpResponse.StatusCode);
    using (Stream data = response.GetResponseStream())
    using (var reader = new StreamReader(data))
    {
    string text = reader.ReadToEnd();
    Console.WriteLine(text);
    }
    }
    }

    ---------------------------


    A potentially dangerous Request.Path value was detected from the client (:).
  • #750264
    Hello anbu,

    Check all URL used in this code, they all must be valid.
    May be you got error becuase you used "< > * % & : \ ?" one of special character in your URL
    .net framework 4+ doesn't allow that kind of special character.
    You can set validations in web.config like that

    <system.web>
    <httpRuntime requestPathInvalidCharacters="<,>,*,%,&,:,\,?" />
    </system.web>

    or you can set request validation mode to 2.0 like this

    <system.web>
    <httpRuntime requestPathInvalidCharacters="" requestValidationMode="2.0" />
    <pages validateRequest="false" />
    </system.web>

    I hope this will help you.

    Regards,
    Nirav Prabtani (Senior Web Developer)
    Email : niravjprabtani@gmail.com
    blog : niravprabtani.blogspot.in

  • #750267
    try the below settings in the web.config file configuration file.

    <system.web>
    <httpRuntime requestPathInvalidCharacters="" requestValidationMode="2.0" />
    <pages validateRequest="false" />
    </system.web>

    or check the below link for more information :

    http://stackoverflow.com/questions/5967103/a-potentially-dangerous-request-path-value-was-detected-from-the-client

    Miss. Jain
    Microsoft Certified Technology Specialist in .Net

  • #750289
    You are trying to use : (colon) symbol in path, which is not allowed in the path of the URL
    But you can use Querystring to pass that symbol
    If you're using .NET 4.0 you should be able to allow these urls via the web.config, see below snippet

    <system.web>
    <httpRuntime requestPathInvalidCharacters="<,>,%,&,:,\,?" />
    </system.web>

    You can add such characters in above tag and your application wont give you error

    Thanks
    Koolprasd2003
    Editor, DotNetSpider MVM
    Microsoft MVP 2014 [ASP.NET/IIS]

  • #750326
    Hi Prasad kulkarni

    how to use Querystring to pass that symbol (:)

  • #750341
    Create a Query string as



    Response.Redirect("test.aspx?Val=anil:pandey");

    Thanks & Regards
    Anil Kumar Pandey
    Microsoft MVP, DNS MVM


  • Sign In to post your comments