
Bug in Url Building

Last post 05-08-2008 8:18 PM by shopvisible. 17 replies.


  • Bug in Url Building

    02-10-2008, 7:59 PM
    • KaziManzurRashid
    • Joined on 03-09-2003, 3:04 PM
    • Dhaka, Bangladesh
    • Posts 882
    • Points 4,782

    I am using the following code to build my url:
     

    Url.Action(new { action = "Tag", controller = "Story", name = tagItem.Name, page = 1 })

     

    The tagItem.Name can be anything, and I am expecting the Framework to do the proper encoding. If the tag name is "Business & Finance", it generates Story/Tag/Business%20&%20Finance/1. In VS Web Server it runs okay, but when I host it in IIS6 or IIS7 it starts to throw 400 - Bad Request.

    Any help will be appreciated.

    Long Live .NET
    Kazi Manzur Rashid (Amit)
    _________________________
    Web: http://dotnetshoutout.com
    Blog: http://weblogs.asp.net/rashid
    Twitter: http://twitter.com/manzurrashid
  • Re: Bug in Url Building

    02-10-2008, 11:12 PM

    Well, ampersands are reserved when it comes to URLs -- they're used to split the query string in parameters. I would bet that's what's going on. You'll probably need to HTML-encode your tagItem.Name property or something similar.

    Edit: I meant URL-encode, cause HTML-encode would just give you &, which would cause the same issue.

  • Re: Bug in Url Building

    02-11-2008, 10:05 AM
    • KaziManzurRashid
    • Joined on 03-09-2003, 3:04 PM
    • Dhaka, Bangladesh
    • Posts 882
    • Points 4,782

    Please take a look at the generated value; it is already encoded, so re-encoding it will not make any impact. But the issue is why this encoded value is throwing HTML error 400 when hosted in both IIS6 and IIS7!

    Long Live .NET
    Kazi Manzur Rashid (Amit)
    _________________________
    Web: http://dotnetshoutout.com
    Blog: http://weblogs.asp.net/rashid
    Twitter: http://twitter.com/manzurrashid
  • Re: Bug in Url Building

    02-11-2008, 10:45 AM

    I agree, I think you've found a bug. But I believe what sliderhouserules meant was UrlEncode it before you pass it as an argument, like this: 

    Url.Action(new { action = "Tag", controller = "Story", name = HttpUtility.UrlEncode(tagItem.Name), page = 1 })

    Or

    Url.Action(new { action = "Tag", controller = "Story", name = Server.UrlEncode(tagItem.Name), page = 1 })

    Using HttpUtility.UrlEncode is a security best practice according to MSDN to protect against cross-site scripting attacks, but I haven't seen it used much, so I don't know how well it actually works. And even the MVC framework uses both interchangeably, but since I've started using it I haven't had any problems.

     

  • Re: Bug in Url Building

    02-11-2008, 1:55 PM
    • KaziManzurRashid
    • Joined on 03-09-2003, 3:04 PM
    • Dhaka, Bangladesh
    • Posts 882
    • Points 4,782

    I tried the following prior to posting this issue; I have added the results:

    Server.UrlEncode(tagItem.Name) -> Story/Tag/Business+%26+Finance/1 -> Html Error 400 - Bad Request

    Html.Encode(tagItem.Name) -> Story/Tag/Business%20&%20Finance/1 -> Html Error 400 - Bad Request

    HttpUtility.UrlEncode(tagItem.Name) -> Story/Tag/Business+%26+Finance/1 -> Html Error 400 - Bad Request

    HttpUtility.UrlPathEncode(tagItem.Name) -> Story/Tag/Business%20&%20Finance/1 -> Html Error 400 - Bad Request

    Any other workaround ?

    Long Live .NET
    Kazi Manzur Rashid (Amit)
    _________________________
    Web: http://dotnetshoutout.com
    Blog: http://weblogs.asp.net/rashid
    Twitter: http://twitter.com/manzurrashid
  • Re: Bug in Url Building

    02-11-2008, 2:01 PM

    KaziManzurRashid:

    I tried the following prior to posting this issue; I have added the results:

    Server.UrlEncode(tagItem.Name) -> Story/Tag/Business+%26+Finance/1 -> Html Error 400 - Bad Request

    Html.Encode(tagItem.Name) -> Story/Tag/Business%20&%20Finance/1 -> Html Error 400 - Bad Request

    HttpUtility.UrlEncode(tagItem.Name) -> Story/Tag/Business+%26+Finance/1 -> Html Error 400 - Bad Request

    HttpUtility.UrlPathEncode(tagItem.Name) -> Story/Tag/Business%20&%20Finance/1 -> Html Error 400 - Bad Request

    Any other workaround ?

    The above highlighted ampersands are exactly what I was referring to. Ampersands are used to delimit query string parameters.

    The fact that you're getting HTTP 400 when you correctly encode the ampersand means there's something else going on. I just wanted to clarify what I was saying. 

  • Re: Bug in Url Building

    04-06-2008, 11:22 AM
    • ksirg
    • Joined on 05-08-2007, 9:18 PM
    • Posts 6
    • Points 8

    I have the same issue. On my localhost machine it's OK, but on IIS7 it throws "Bad Request".

    I tried all the methods above and also UrlEncodeUnicode.

    Is there any solution for that? Maybe it's an IIS problem? Have you tried with a normal ASP.NET app?
     

  • Re: Bug in Url Building

    04-07-2008, 10:49 AM

    Which version are you using? The latest version automatically UrlEncodes the values in the path. Make sure you are using the MIX release (early March) and remove the call to UrlEncode.

  • Re: Bug in Url Building

    04-07-2008, 11:03 AM

    Also, have you checked to see if you are using the ".mvc" extension in your url? It isn't required on IIS 7.0, so if you are you can make sure to remove it. But just verify that your routes take the difference into account.

  • Re: Bug in Url Building

    04-08-2008, 2:08 PM
    • ksirg
    • Joined on 05-08-2007, 9:18 PM
    • Posts 6
    • Points 8

    I use the MIX version and my routes don't have ".mvc" extensions.

    And MVC does HtmlAttributeEncode, not UrlEncode:

    HtmlHelper.cs line 121 

    return String.Format(CultureInfo.InvariantCulture, _anchorTag, HttpUtility.HtmlAttributeEncode(url), HttpUtility.HtmlEncode(linkText));
     
     
  • Re: Bug in Url Building

    04-15-2008, 2:12 PM
    • superevanc
    • Joined on 02-15-2006, 9:11 PM
    • Posts 50
    • Points 117

    What you might be running into probably isn't an ASP.NET MVC issue.  From what you describe it sounds like you are running into some of the IIS security features that block out potential attack urls.

     

    Take a look at http://support.microsoft.com/kb/820129 and the AllowRestrictedChars setting; also http://support.microsoft.com/default.aspx?scid=kb;EN-US;826437

     

    Hope that helps track down your problem. 

  • Re: Bug in Url Building

    05-01-2008, 11:54 PM

    Hi

    Even though you encode the URL, an ASP.NET page has a default behavior of rejecting suspicious requests. Although it's not recommended, pages that you're absolutely sure of can be rendered by changing the page directive ValidateRequest.

     
     <%@ Page Language="C#" ValidateRequest="false" MasterPageFile="~/Site.master" AutoEventWireup="true" CodeFile="DealerDetails.aspx.cs" Inherits="Dealer_DealerDetails" Title="Untitled Page" %>

     Cheers
     

     

    Krishan Ariyawansa

    Service Hub Limited
    PO Box 8191, Symonds St, Auckland, 1150.
    Voice:+64 27 522 5971
    e-mail : krishan@servicehub.co.nz
    Web : www.servicehub.co.nz
  • Re: Bug in Url Building

    05-08-2008, 3:11 PM
    • shopvisible
    • Joined on 03-23-2008, 8:49 PM
    • Posts 4
    • Points 6

    Hi.  I am having a similar issue in a test site in IIS 7.  A URL such as: <SITENAME>/Cutlery-&-Accessories/Cutlery-&-Accessories.asp which has always worked in IIS6 and earlier suddenly no longer works in IIS 7, giving an error 400 as below.  The confusing thing to me is that it says asp.net detected the invalid characters, but this is a classic asp page, have I set something up improperly?

     

    HTTP Error 400.0 - Bad Request

    ASP.NET detected invalid characters in the URL.

     

    Detailed Error Information
    Module ScriptModule
    Notification AuthenticateRequest
    Handler ASPClassic
    Error Code 0x00000000
    Requested URL http://servu.shopvisible.net:80/Cutlery-&amp;-Accessories/Cutlery-&amp;-Accessories.asp
    Physical Path d:\shopvisible\sites\ServU-ShopVisible\Cutlery-&amp;-Accessories\Cutlery-&amp;-Accessories.asp
    Logon Method Not yet determined
    Logon User Not yet determined
  • Re: Bug in Url Building

    05-08-2008, 4:17 PM
    • ksirg
    • Joined on 05-08-2007, 9:18 PM
    • Posts 6
    • Points 8

    I tried all the methods above, even changed some settings in the registry, and nothing helps.

    When I enter my website on localhost I see

    Error Summary
    HTTP Error 400.0 - Bad Request
    ASP.NET detected invalid characters in the URL.
    Detailed Error Information
    Module    WindowsAuthentication
    Notification    AuthenticateRequest
    Handler    StaticFile
    Error Code    0x00000000
    Requested URL    http://site.com:80/producenci/H&M
    Physical Path    D:\ftp\LocalUser\szafa\web\producenci\H&M
    Logon Method    Not yet determined
    Logon User    Not yet determined

    I wonder why it chooses the StaticFile handler to serve my request; shouldn't it be some MvcHandler?
    And why does it use the WindowsAuthentication module in that request?

    When will the next version of asp.mvc be out?
     

  • Re: Bug in Url Building

    05-08-2008, 4:41 PM
    • ksirg
    • Joined on 05-08-2007, 9:18 PM
    • Posts 6
    • Points 8

    Oh sorry, when I set all three things :

    1. AllowRestrictedChars http://support.microsoft.com/kb/820129
    2. VerificationCompatibility - http://support.microsoft.com/default.aspx?scid=kb;EN-US;826437 without installing service pack 1 to .net 1.1
    3. and set on asp.net page ValidateRequest=false

    it started working :)

    I hope that helps. 
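
An alternative that leaves those three checks switched on, given as an added example that is not from any poster in this thread and not part of ASP.NET MVC: encode the tag name reversibly into a path segment made only of letters, digits, '-' and '_', so the generated URL carries no & or % in its path. The class name TagSegment and the escape scheme ('_' plus four hex digits) are assumptions made for this illustration.

```csharp
using System;
using System.Globalization;
using System.Text;

// Added example: TagSegment is a hypothetical helper, not an ASP.NET MVC API.
// Assumed use: name = TagSegment.Encode(tagItem.Name) in Url.Action, and
// TagSegment.Decode(name) inside the Tag action.
public static class TagSegment
{
    static bool IsPlain(char c) =>
        (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9');

    // Letters and digits pass through, space becomes '-', every other character
    // (including '-', '_', '&' and '%') becomes '_' plus four hex digits.
    public static string Encode(string name)
    {
        var sb = new StringBuilder();
        foreach (char c in name)
        {
            if (IsPlain(c)) sb.Append(c);
            else if (c == ' ') sb.Append('-');
            else sb.Append('_').Append(((int)c).ToString("X4", CultureInfo.InvariantCulture));
        }
        return sb.ToString();
    }

    // Strict inverse: throws on any segment that Encode could not have produced.
    public static string Decode(string segment)
    {
        var sb = new StringBuilder();
        for (int i = 0; i < segment.Length; i++)
        {
            char c = segment[i];
            if (IsPlain(c)) sb.Append(c);
            else if (c == '-') sb.Append(' ');
            else if (c == '_' && i + 4 < segment.Length && ushort.TryParse(
                segment.Substring(i + 1, 4), NumberStyles.AllowHexSpecifier,
                CultureInfo.InvariantCulture, out ushort code))
            { sb.Append((char)code); i += 4; }
            else throw new FormatException("Invalid tag segment.");
        }
        string name = sb.ToString();
        if (Encode(name) != segment) throw new FormatException("Non-canonical tag segment.");
        return name;
    }
    public static void Main()
    {
        foreach (string tag in new[] { "Business & Finance", "H&M" }) // tag names from the thread
            Console.WriteLine("Story/Tag/{0}/1 -> \"{1}\"", Encode(tag), Decode(Encode(tag)));
    }
}
```

Decode throws FormatException for any segment that Encode could not have produced, so the Tag action can answer such a request with a 404 instead of looking the name up.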
