0

I faced the following problem. May be someone found this strange behavior too.

I have the following route definition in my global.asax.cs:

routes.Add(new Route("/module/{searchTerm}", new RouteValueDictionary { {"controller", "Module"}, {"action", "Index"} }, null, new MvcRouteHandler()));

So, nothing special, from the first point of view, but problem appear when space appear in search term as + sign.

For instance we try to open a link:

http://[myserver]/module/some%20search%20term

In this case everything is ok and it redirects us to a correct action, but in case if the link looks like:

http://[myserver]/module/some+search+term

I got an error stated that there are no routes that are match the URL provided.

By the way, I can't reproduce this issue on ASP.NET development server. It appear only on IIS. Probably someone did have such problems?

Karthik Chintala
  • 5,465
  • 5
  • 30
  • 60
Andrew Zolotukhin
  • 109
  • 3
  • 9
  • By Dev server, do you mean local IIS when run through the IDE or do you mean IISExpress? – Basic Mar 08 '13 at 13:22
  • It's a small local server that comes with Visual Studio. – Andrew Zolotukhin Mar 08 '13 at 13:24
  • In that case, you mean IISExpress which has it's own config files for each user account. The interesting thing is that it's the same core as full-blown IIS so functionally they should be identical. I don't know what's causing the difference but I'd start by looking in `C:\Users\\Documents\IISExpress\config` and seeing if there's anything in there that would account for it. – Basic Mar 08 '13 at 13:45
  • No, I even do not have an IISExpress installed on my computer, I tested it on Visual Studio ASP.NET Development Server. – Andrew Zolotukhin Mar 08 '13 at 14:00
  • That means Cassini (see http://msdn.microsoft.com/en-us/library/58wxa9w5.aspx) which is being replaced with IISExpress as it's not like-for-like with IIS. – Basic Mar 08 '13 at 14:02
  • Yes, I know that Cassini is replaced in VS 2012 by IISExpress. – Andrew Zolotukhin Mar 08 '13 at 14:14

3 Answers3

1
  • Percent encoding in the path section of a URL is expected to be decoded, but
  • any + characters in the path component is expected to be treated literally.

To be explicit: + is only a special character in the query component.

RFC 1738 (as modified by 2396 and 3986) defines the scheme (http:), authority (//server.example.com), and path (/myfile/mypage.htm) component, and does not define any special meaning for the + character.

Community
  • 1
  • 1
Jakub Konecki
  • 45,581
  • 7
  • 87
  • 126
0

+ sign is a delimiter of segments. Segments being scheme, authority, path and query.

From the URI RFC

2.2. Reserved Characters

Many URI include components consisting of or delimited by, certain special characters. These characters are called "reserved", since
their usage within the URI component is limited to their reserved
purpose. If the data for a URI component would conflict with the
reserved purpose, then the conflicting data must be escaped before
forming the URI.

  reserved    = ";" | "/" | "?" | ":" | "@" | "&" | "=" | "+" |
                "$" | ","

The "reserved" syntax class above refers to those characters that are allowed within a URI, but which may not be allowed within a
particular component of the generic URI syntax; they are used as
delimiters of the components described in Section 3.

Apparently, this was badly implemented in Cassini.

Carlos Martinez T
  • 6,458
  • 1
  • 34
  • 40
0
  • sign in path part of the URL does not work if double escaping is prohibited in IIS settings. It's a part of request filtering policy. But it could be configured in web.config Is Enabling Double Escaping Dangerous?

When I enabled it in my web.config everything started to work fine.

Community
  • 1
  • 1
Andrew Zolotukhin
  • 109
  • 3
  • 9