James

Reputation: 1188

Deleting an Azure Blob in MVC 3

I'm trying to delete blobs in an MVC 3 application that uses Azure storage.

I'm trying to pass the Uri of the blob which will be deleted to the controller, however an error is thrown:

A potentially dangerous Request.Path value was detected from the client (:)

I think this is from the https: part of the Uri and I need to parse it out, however I'm not sure how to do that. I'm wondering how to fix this error.

Is there a more graceful way to delete a blob from storage?

Upvotes: 0

Views: 433

Answers (3)

James

Reputation: 1188

I was able to fix it and I want to summarize the solution, since it requires bits from the other two answers and bits mostly from the Scott Hanselman blog post.

You need to do a few things to make this work:

  • Put the [ValidateInput(false)] on your action method.

  • Make sure your URL is properly encoded (an example is given in the above post), which is done when you use blobVariableName.Uri.AbsoluteUri as the string to pass from your view to your controller, so you shouldn't have to do anything there.

  • Make your query string look like http://site/controller/action?blobid=http%3A%2F%2F... and NOT http://site/controller/action/http%3A%2F%2F... The latter won't work!

On a side note, since I started, our functional requirements changed and now we're storing information about each blob in the database, which allows me to pass parameters other than the blob's URI, which seems like a much safer way to play it.

A great deal of the community appears to be in agreement that it is a bad idea to pass URIs and to open up your application so as to allow you to do so.

Upvotes: 0
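If a blob URI does have to travel in the `blobid` query string parameter, the action should confirm that it points into the application's own container before deleting anything. The following is an added example, not code from any of the answers; the class name, storage account host and container name are constructed placeholders.

```csharp
using System;

// Added example: BlobUriGuard, the host and the container are assumptions.
public static class BlobUriGuard
{
    private const string ExpectedHost = "exampleaccount.blob.core.windows.net";
    private const string ExpectedContainer = "uploads";

    // Returns true and the blob name only when the client-supplied value
    // points inside the application's own container.
    public static bool TryGetOwnedBlobName(string blobId, out string blobName)
    {
        blobName = null;
        Uri uri;
        if (string.IsNullOrEmpty(blobId) ||
            !Uri.TryCreate(blobId, UriKind.Absolute, out uri))
            return false;

        // Only HTTPS on the default port to the expected storage account.
        if (uri.Scheme != Uri.UriSchemeHttps || !uri.IsDefaultPort ||
            !string.Equals(uri.Host, ExpectedHost, StringComparison.OrdinalIgnoreCase))
            return false;

        // No embedded credentials, query string or fragment.
        if (uri.UserInfo.Length != 0 || uri.Query.Length != 0 || uri.Fragment.Length != 0)
            return false;

        // AbsolutePath is "/container/blob/name"; require our container prefix
        // and a non-empty blob name after it.
        string prefix = "/" + ExpectedContainer + "/";
        string path = uri.AbsolutePath;
        if (!path.StartsWith(prefix, StringComparison.Ordinal) || path.Length == prefix.Length)
            return false;

        blobName = Uri.UnescapeDataString(path.Substring(prefix.Length));
        return true;
    }

    public static void Main()
    {
        // Constructed sample values, as received after MVC decodes ?blobid=...
        string[] samples = {
            "https://exampleaccount.blob.core.windows.net/uploads/reports/q1.pdf",
            "https://other.blob.core.windows.net/uploads/reports/q1.pdf",
            "https://exampleaccount.blob.core.windows.net/private/q1.pdf",
            "http://exampleaccount.blob.core.windows.net/uploads/reports/q1.pdf" };
        foreach (string s in samples)
        {
            string name;
            Console.WriteLine("{0} -> {1}", s, TryGetOwnedBlobName(s, out name) ? name : "rejected");
        }
    }
}
```

The check only establishes that the blob belongs to the application; whether the current user is allowed to delete that particular blob still has to be decided separately, for example against the database record mentioned above.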

Stuart

Reputation: 66882

If you want unsecure content to get through then you can add [ValidateInput(false)] to your action - however, this is opening up something that is there for your security - so only do this if you are sure your code is secure - see the first answer in "A potentially dangerous Request.Form value was detected from the client".

Upvotes: 1

Darin Dimitrov

Reputation: 1038780

You must properly URL encode your URLs. Here's an example of a badly encoded URL:

http://foo.com/controller/action?param=http://bar.com

Here's how it should look:

http://foo.com/controller/action?param=http%3A%2F%2Fbar.com

Or maybe you have a URL of the form:

http://foo.com/controller/action/https://bar.com

which is even worse. If you want to use special characters in the Path portion of a URL you might find the following blog post useful.

Upvotes: 1
