views:

188

answers:

1

I'm using custom routing in a web forms context. I have some titles (part of my custom route) that have say a question mark character. When I URL encode this text ("Question?") and then pass into my route, I get an HTTP ERROR CODE 400. Apparently, the URL encoded text is somehow confusing the routing manager.

Can someone provide context and explanation for this? Beyond that, I'm thinking I don't need to URL encode these route data but merely strip out the problem characters. Are there any security risks to not using URL decode/encode? And what are the problem characters? A list would be useful.

Thanks!

Update: It seems the % character is not allowed in the query string in a custom route. Look forward to some good input on this issue!

A: 

Here is what MS says about the UrlEncode() 'URL encoding ensures that all browsers will correctly transmit text in URL strings. Characters such as a question mark (?), ampersand (&), slash mark (/), and spaces might be truncated or corrupted by some browsers. As a result, these characters must be encoded in tags or in query strings where the strings can be re-sent by a browser in a request string.'

Also, you should encode only the query parameters, otherwise the result will cause problems. For example, if you have this link

http://www.contoso.com/articles.aspx?title=ASP.NET+Examples

And you encode the whole, you'll get

http%3a%2f%2fwww.contoso.com%2farticles.aspx%3ftitle%3dASP.NET%2bExamples

For more detail refer to http://msdn.microsoft.com/en-us/library/zttxte6w.aspx

I use ASP.net routing that comes with the version 4.0. Here is sample code http://weblogs.asp.net/scottgu/archive/2009/10/13/url-routing-with-asp-net-4-web-forms-vs-2010-and-net-4-0-series.aspx . You can manipulate quite easy your links.

UPDATE: Microsoft has made some changes to IIS7 that might cause problems with the routing. So try changing the setting "Managed Pipeline Mode" of the Application Pool from Integrated to Classic.

Teddy
Curtis White
What App pool setting are you using?
Teddy