"Bad Request" error when using friendly URLs with special characters in ASP.NET

I have been creating a lot of Http Modules lately as a number of projects I am working and consulting on have large API back ends. Http Modules work fantastically for ASP.NET because all Http requests are pumped through all of a site’s modules before they actually hit IIS.

One of the API methods I’m working on requires a URL to be passed as a parameter, and in order to simplify usage of the API, these parameters are passed through the URL so the application using the API, doesn’t have to post variables to the API.

However, if the request contains certain reserved characters then you can run into a problem. Even if the characters such as $. %, ? are encoded correctly the page may not be returned and all you see is “bad request” (error 400). It isn’t your code that is causing this though but the behaviour of the ASP.NET ISAPI filter which doesn’t pass the request on.


After some Googling I found there is a Microsoft KB Article 826437 about the issue

Apparently the solution given is incorrect though and the correct registry key entry is shown below:

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ASP.NET]
“VerificationCompatibility”=dword:00000001

However, this didn’t seem to work for me, perhaps because I am running version 2.0 of the Framework and not 1.1 as indicated in the Knowledge Base Article.

There is an upside however, in that you can pass reserved characters through the request if they are inside a query string value. It’s not a perfect solution of course, because PHP would let you do it no problems, but it is a work around that worked for me.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.