Plus (+) in MVC Argument causes 404 on IIS 7.0
System.Web.HttpUtility.UrlPathEncode(string str)
encodes a +
to a %20
+
only has the special meaning of being a space in application/x-www-form-urlencoded
data such as the query string part of a URL.
In other parts of the URL like path components, +
literally means a plus sign. So resolving Full+Size
to the unencoded name Full Size
should not work anywhere.
The only correct form of a space in a path component is %20
. (It still works when you type an actual space because the browser spots the error and corrects it for you.) %20
also works in form-URL-encoded data as well, so it's generally safest to always use that.
Sadly HttpUtility.UrlEncode
is misleadingly-named. It produces +
in its output instead of %20
, so it's really a form-URL-encoder and not a standard URL-encoder. Unfortunately I don't know of an ASP.NET function to “really URL-encode” strings for use in a path, so all I can recommend is doing a string replace of +
to %20
after encoding.
Alternatively, avoid using spaces in path parts, eg. by replacing them with -
. It's common to ‘slug’ titles being inserted to URLs, reducing them to simple alphanumerics and ‘safe’ punctuation, to avoid filling the URL with ugly %nn
sequences.
This is an IIS security setting. There is a standard request filter that rejects URLs containing + (plus) characters.
You can disable it for your web, adding this to your web.config:
<configuration>
...
<system.webServer>
...
<security>
<requestFiltering allowDoubleEscaping="true" />
</security>
</system.webServer>
...
</configuration>