How to resolve Security code scan SCS0016 in API controller

We have implemented a weather API controller to update weather data. The API controller inherits ControllerBase and uses the ApiController action filter, as shown below, and we have enabled Security Code Scan.

using Microsoft.AspNetCore.Mvc;

namespace SampleApiApplication.Controllers
{
    [ApiController]
    public class WeatherForecastController : ControllerBase
    {
        
        [HttpPost]
        [Route("UpdateWeatherDetails")]
        public IEnumerable<WeatherForecast> PostWeatherDetails(WeatherForecast weatherForecast)
        {
            // Some lines of code to implement
        }
    }
}

I am able to post JSON content, but I am not able to post data with content type application/x-www-form-urlencoded to the UpdateWeatherDetails API.

To resolve the above issue, I used the [FromForm] attribute to post form data, as shown below. Now I am able to post form data and JSON data, but I get security warning SCS0016.

using Microsoft.AspNetCore.Mvc;

namespace SampleApiApplication.Controllers
{
    [ApiController]
    public class WeatherForecastController : ControllerBase
    {
        [HttpPost]
        [Route("UpdateWeatherDetails")]
        [Consumes("application/json")]
        public IEnumerable<WeatherForecast> PostWeather([FromBody] WeatherForecast weatherForecast)
        {
            return PostMethod(weatherForecast);
        }

        [HttpPost]
        [Route("UpdateWeatherDetails")]
        public IEnumerable<WeatherForecast> PostWeatherDetails([FromForm] WeatherForecast weatherForecast)
        {
            // Some lines of code to implement
        }
    }
}

I thought the security warning appeared only after adding the FromForm attribute, so I removed it. Now there is no security warning, but the data no longer binds to the parameter. I then removed the [ApiController] attribute and tried to post form data, and now I am able to post form data.

But I am again getting security warning SCS0016 for that method.

How can I resolve the above security issue and get data sent with application/x-www-form-urlencoded working?

There are 0 best solutions below
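
SCS0016 is Security Code Scan's cross-site request forgery (CSRF) rule, and its documented fix is anti-forgery validation on the flagged action. The following is an added example, not code from the original post: it keeps both content types on the same route and validates an anti-forgery token on the form-bound action. The `WeatherForecast` properties and the body of `PostMethod` are assumptions, and the example assumes the application registers MVC with `AddControllersWithViews()` so that the anti-forgery filter services are available.

```csharp
using System;
using System.Collections.Generic;
using Microsoft.AspNetCore.Mvc;

namespace SampleApiApplication.Controllers
{
    // Assumed minimal model so the example compiles; the page does not show the real type.
    public class WeatherForecast
    {
        public DateTime Date { get; set; }
        public int TemperatureC { get; set; }
        public string Summary { get; set; }
    }

    [ApiController]
    public class WeatherForecastController : ControllerBase
    {
        // JSON clients: this action is selected only for Content-Type application/json.
        [HttpPost]
        [Route("UpdateWeatherDetails")]
        [Consumes("application/json")]
        public IEnumerable<WeatherForecast> PostWeather([FromBody] WeatherForecast weatherForecast)
        {
            return PostMethod(weatherForecast);
        }

        // Form clients: same route, selected by the form content type.
        // [ValidateAntiForgeryToken] rejects the request with 400 unless it carries
        // a valid anti-forgery token (form field or header) that matches the cookie token.
        [HttpPost]
        [Route("UpdateWeatherDetails")]
        [Consumes("application/x-www-form-urlencoded")]
        [ValidateAntiForgeryToken]
        public IEnumerable<WeatherForecast> PostWeatherDetails([FromForm] WeatherForecast weatherForecast)
        {
            return PostMethod(weatherForecast);
        }

        // Hypothetical shared implementation; stands in for the logic elided in the post.
        private IEnumerable<WeatherForecast> PostMethod(WeatherForecast weatherForecast)
        {
            return new[] { weatherForecast };
        }
    }
}
```

The token check is what protects a form endpoint when the browser attaches credentials such as cookies automatically. A form client has to obtain a token from the application first and send it back with the post.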