This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(92.8, 42%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EES%3C/text%3E%3C/svg%3E)
I am trying to fetch binaries/files from Artifacts --> Package using API call. URL: GET https://feeds.dev.azure.com/TTLDevOps/CI-CD_Sandbox/_apis/packaging/Feeds/Universal_Artifacts3/packages/MavenProject.Automationtesting:Automationtesting/versions/latest/files?api-version=7.2-preview.1 Where Package name is "MavenProject.Automationtesting:Automationtesting"
But in response I am getting error as below:
{
"$id": "1",
"innerException": null,
"message": "A potentially dangerous Request.Path value was detected from the client (:).",
"typeName": "System.Web.HttpException, System.Web",
"typeKey": "HttpException",
"errorCode": 0,
"eventId": 0
}
This seems to be because of : in the URL (Name of Package). One solution to replace : with %3A didn't work in my case. Can anyone suggest a solution for this case.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(262.40000000000003, 36%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELH%3C/text%3E%3C/svg%3E)
Hi @Errammagari, Sai,
Asp.Net 4.0+ comes with a very strict built-in request validation, part of it is the potential dangerous characters in the url which may be used in XSS attacks. Here are default invalid characters in the url :
< > * % & : \ ?
You'd better avoid using characters like "?" .
You can try these settings in your web.config file:
<system.web>
<httpRuntime requestPathInvalidCharacters="" requestValidationMode="2.0" />
<pages validateRequest="false" />
</system.web>
or you can change this behavior in your config file:
<system.web>
<httpRuntime requestPathInvalidCharacters="<,>,*,%,&,:,\,?" />
</system.web>
Best regards,
Lan Huang
If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hi Lan Huang, Thanks for proving the solution, so quickly and in detail :) Regards, Sai Kiran
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(32, 94%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELH%3C/text%3E%3C/svg%3E)
Hi @Lan Huang-MSFT , I hit the similar issue, like "A potentially dangerous Request.QueryString value was detected from the client (filter="...dList eq '<bZFZ0B4I...")" . But the project is net core 8.0. It seems no web.config there, do you know how I can avoid such request validation in my stand-alone executable project.
And from the official doc, requestValidationMode is only applied for net framework.https://video2.skills-academy.com/en-us/dotnet/api/system.web.configuration.httpruntimesection.requestvalidationmode?view=netframework-4.8.1
Hi @Liangjun Hu,
Sorry, I don't know much about .NET CORE, maybe you can post a thread with "ASP.NET Core" tag to ask for help.