Thursday, 4 September 2008

Migrating ASP.NET apps to Windows Server 2008 / IIS7 - URLs with '+' don't work

Having successfully migrated production .NET v3.5 web applications over to Server 2008, one issue is that some URLs don't work, ie. ones that have a '+'.  This is because IIS7 rejects such URLs with Error 404.11 'URL_DOUBLE_ESCAPED'; See here.

To resolve it, simply put

    <requestFiltering allowDoubleEscaping="false" />
</system.webServer> your web.config under 'configuration'

This makes the server less secure against Canonicalization Attacks.