What you might be running into probably isn't an ASP.NET MVC issue. From what you describe it sounds like you are running into some of the IIS security features that block out potential attack urls.
Take a look at http://support.microsoft.com/kb/820129 and the AllowRerstrictedChars setting also http://support.microsoft.com/default.aspx?scid=kb;EN-US;826437
Even though you encode the URL, Asp.Net page has a default behavior of rejecting suspicious request. Although its not recommended for pages that your absolutely sure of can be rendered by changing the page directive ValidateRequest.
Hi. I am having a similar issue in a test site in IIS 7. A URL such as: <SITENAME>/Cutlery-&-Accessories/Cutlery-&-Accessories.asp which has always worked in IIS6 and earlier suddenly no longer works in IIS 7, giving an error 400 as below. The confusing
thing to me is that it says asp.net detected the invalid characters, but this is a classic asp page, have I set something up improperly?
I try all methods above, even change some settings in registry and nothing help.
When I enter on my website on localhost I see
Error Summary
HTTP Error 400.0 - Bad Request
ASP.NET detected invalid characters in the URL.
Detailed Error Information Module WindowsAuthentication
Notification AuthenticateRequest Handler StaticFile
Error Code 0x00000000
Requested URL http://site.com:80/producenci/H&M
Physical Path D:\ftp\LocalUser\szafa\web\producenci\H&M
Logon Method Not yet determined
Logon User Not yet determined
I wonder why it choose StaticFile handler to serve my request, shouldn't be some MvcHandler?
And why it use WindowsAuthentication module in that request
It seems the 1st setting for allowingRestrictedChars would be the right answer, but this article pertains to IIS 6.0, do you think it will have the similar result on IIS 7?
Depending on the requirement, you may be bale to get a way by a simple find and replace technique I used in few pages, as long as your not depending on the text that your passing via Query parameter. I assume
that you need this to build the XML sitemap.
Example.
Public address: (Assuming the id for “Cutlery-&-Accessories” is 14)
/Cutlery and Accessories/14/Cutlery-and-Accessories.asp
Real address:
/Cutlery/productList.asp?categoryid=$2
The Regexp:
/(.{1,})/ ([0-9]+)/ (.{1,}) (\.htm|\.html)
Since your passing the ID to the page, there is no reason that you cannot replace “&” with “And” or a " ", you can still get the description with a DB call by ID.
however as i said it's depending on your requirement.
Our CMS generates flat URLs based upon the name. In this example, the customer did enter in Cutlery & Accessories, which we convert to Cutlery-&-Accessories. This has worked from IIS 3 thru 6 and only now is an issue. There must be a setting in IIS 7 to
ignore the &?
superevanc
Member
117 Points
50 Posts
Re: Bug in Url Building
Apr 15, 2008 06:12 PM|LINK
What you might be running into probably isn't an ASP.NET MVC issue. From what you describe it sounds like you are running into some of the IIS security features that block out potential attack urls.
Take a look at http://support.microsoft.com/kb/820129 and the AllowRerstrictedChars setting also http://support.microsoft.com/default.aspx?scid=kb;EN-US;826437
Hope that helps track down your problem.
http 400 asp.net mvc
ariyawansa@g...
Member
10 Points
6 Posts
Re: Bug in Url Building
May 02, 2008 03:54 AM|LINK
Hi
Even though you encode the URL, Asp.Net page has a default behavior of rejecting suspicious request. Although its not recommended for pages that your absolutely sure of can be rendered by changing the page directive ValidateRequest.
<%@ Page Language="C#" ValidateRequest="false" MasterPageFile="~/Site.master" AutoEventWireup="true" CodeFile="DealerDetails.aspx.cs" Inherits="Dealer_DealerDetails" Title="Untitled Page" %>
Cheers
shopvisible
Member
6 Points
4 Posts
Re: Bug in Url Building
May 08, 2008 07:11 PM|LINK
Hi. I am having a similar issue in a test site in IIS 7. A URL such as: <SITENAME>/Cutlery-&-Accessories/Cutlery-&-Accessories.asp which has always worked in IIS6 and earlier suddenly no longer works in IIS 7, giving an error 400 as below. The confusing thing to me is that it says asp.net detected the invalid characters, but this is a classic asp page, have I set something up improperly?
HTTP Error 400.0 - Bad Request
ASP.NET detected invalid characters in the URL.
<div class=content-container> </div>ksirg
Member
8 Points
6 Posts
Re: Bug in Url Building
May 08, 2008 08:17 PM|LINK
I try all methods above, even change some settings in registry and nothing help.
When I enter on my website on localhost I see
Error Summary
HTTP Error 400.0 - Bad Request
ASP.NET detected invalid characters in the URL.
Detailed Error Information
Module WindowsAuthentication
Notification AuthenticateRequest
Handler StaticFile
Error Code 0x00000000
Requested URL http://site.com:80/producenci/H&M
Physical Path D:\ftp\LocalUser\szafa\web\producenci\H&M
Logon Method Not yet determined
Logon User Not yet determined
I wonder why it choose StaticFile handler to serve my request, shouldn't be some MvcHandler?
And why it use WindowsAuthentication module in that request
When it will be next version of asp.mvc?
http 400 asp.net mvc bad request
ksirg
Member
8 Points
6 Posts
Re: Bug in Url Building
May 08, 2008 08:41 PM|LINK
Oh sorry, when I set all three things :
its start working :)
I hope that helps.
http 400 asp.net mvc bad request
shopvisible
Member
6 Points
4 Posts
Re: Bug in Url Building
May 08, 2008 09:01 PM|LINK
ariyawansa@g...
Member
10 Points
6 Posts
Re: Bug in Url Building
May 09, 2008 12:03 AM|LINK
Depending on the requirement, you may be bale to get a way by a simple find and replace technique I used in few pages, as long as your not depending on the text that your passing via Query parameter. I assume that you need this to build the XML sitemap.
Example.
Public address: (Assuming the id for “Cutlery-&-Accessories” is 14)
/Cutlery and Accessories/14/Cutlery-and-Accessories.aspReal address:
/Cutlery/productList.asp?categoryid=$2
The Regexp:
/(.{1,})/ ([0-9]+)/ (.{1,}) (\.htm|\.html)
Since your passing the ID to the page, there is no reason that you cannot replace “&” with “And” or a " ", you can still get the description with a DB call by ID.
however as i said it's depending on your requirement.
Cheers and Good luck
Krish
shopvisible
Member
6 Points
4 Posts
Re: Bug in Url Building
May 09, 2008 12:18 AM|LINK