Why do the following URLs give me the following IIS errors:
A) http://192.168.1.96/cms/View.aspx/Show/Small+test '
A2) http://192.168.1.96/cms/View.aspx/Show/Small%20test '<- this works, but is not the result of HttpUtility.UrlEncode ()
B) http://192.168.1.96/cms/View.aspx/Show/ '% 26 $% 23funky ** !! ~ '' + page
Error for A:
HTTP Error 404.11 - Not Found The request filtering module is configured to deny a request that contains a double escape sequence.
Error for B:
HTTP Error 400.0 - Bad Request ASP.NET detected invalid characters in the URL.
The last part of the URL after / Show / is the result after sending the text through HttpUtility.UrlEncode (), therefore, according to Microsoft, it is correctly encoded by the URL.
If I am a user of HttpUtility.UrlPathEncode () and not HttpUtility.UrlEncode (), I get A2 results. But B ends up like this:
http://192.168.1.96/TVCMS-CVJZ/cms/View.aspx/Show/ '& $ # funky ** !! ~ ''% 20page
which is still wrong. Does Microsoft know how to encode a URL at all? Is there a function that someone wrote to do it right?
EDIT:
I wrote my own encoder:
static public string UrlEncode(string encode) { if (encode == null) return null; string encoded = ""; foreach (char c in encode) { int val = (int)c; if ((val >= 48 && val <= 57) || (val >= 65 && val <= 90) || (val >= 97 && val <= 122)) encoded += c; else encoded += "%" + val.ToString("X"); } return encoded; }
The function works with A2 above, just fine, the result for B:
http://192.168.1.96/cms/View.aspx/Show/%27%26%24%23funky%2A%2A%21%21~%27%27%20page
But even if it seems like a good valid URL, IIS still gives me
HTTP Error 400.0 - An invalid ASP.NET request detected invalid characters in the URL.
c # urlencode iis-6
Justin808
source share