0

I have a Microsoft ASP.net Web API project (using .net Framework 4.61) which has API methods which are supposed to accept POST requests where the Post contains MIME multi part messages.

The .net Framework has the methods HttpContentMultipartExtensions.IsMimeMultipartContent and HttpContentMultipartExtensions.ReadAsMultipartAsync to be able to automatically work with MIME multi part messages.

Using the following example code in the WebAPI controller:

public class MySampleController : ApiController
{
    public IHttpActionResult Post()
    {
        if(this.Request.Content.IsMimeMultipartContent())
        {
            return Json("OK");
        }
        else
        {
            throw new Exception("No Multipart");
        }
    }
}

this produces the following results for the given Content-Type headers in the Post request:

  • multipart/related;type=application/dicom+xml;boundary=MESSAGEBOUNDARY -> Exception is triggered
  • multipart/related;type="application/dicom+xml";boundary=MESSAGEBOUNDARY -> Outputs OK
  • multipart/related;type=application-dicom+xml;boundary=MESSAGEBOUNDARY -> Outputs OK

Seems like the Multi Part handling in .net is not able to handle a slash that occurs in the type parameter of the Content-Type header, unless the value is embedded in double quuotes, although as far as I understand the RFCs, using the double quotes is optional in this case.

  • Is there some setting in the WebAPI project or in IIS to fix this problem?
  • Is there an approach fixing this problem via code?
  • Or is maybe the behaviour standards conform and the double quotes are required?

For reference, this is some simple code you can use from another application to send the post request:

private void buttonSend_Click(object sender, EventArgs e)
{
    HttpWebRequest myRequest = (HttpWebRequest)WebRequest.Create(@"http://localhost/projectname/api/mysample");

    myRequest.Method = "POST";

    // Server call fails when the double quotes around the type value are removed
    myRequest.ContentType = "multipart/related;type=\"application/dicom+xml\";boundary=MESSAGEBOUNDARY"; 


    string body = @"--MESSAGEBOUNDARY
Content-Type: application/dicom+xml

<?xml version=""1.0"" encoding=""UTF-8""?>
<NativeDicomModel>
</NativeDicomModel>

--MESSAGEBOUNDARY--";

    var data = Encoding.Default.GetBytes(body);
    myRequest.ContentLength = data.Length;
    Stream newStream = myRequest.GetRequestStream();
    newStream.Write(data, 0, data.Length);
    var lResponse = myRequest.GetResponse();

    MessageBox.Show("OK");
}
NineBerry
  • 26,306
  • 3
  • 62
  • 93
  • Have you tried putting an `@` at the from of your string, to flag it as not obeying internal quoting? Like: `myRequest.ContentType = @"multipart/...";` – Jesse Chisholm May 30 '18 at 21:04

1 Answers1

0

On a second reading of RFC2045 chapter 5.1 (Syntax of the Content-Type Header Field), I find that the slash character actually does make using the double quotes mandatory:

 tspecials :=  "(" / ")" / "<" / ">" / "@" /
               "," / ";" / ":" / "\" / <">
               "/" / "[" / "]" / "?" / "="
               ; Must be in quoted-string,
               ; to use within parameter values

So, Microsoft's implementation is correct.

NineBerry
  • 26,306
  • 3
  • 62
  • 93
  • 1
    Still, if you have any idea on how to teach ASP.net how to accept such non-standard-conform values, please add your answer. I would be interested – NineBerry Apr 12 '18 at 16:46