IIS 7 Bad Request response when %0A exists in the URL

Question

I have an application that was supposed to accept unsafe characters from Salesforce. They are %0A and %0D (so far...) and they're not working.

I've set allowDoubleEscaping to true, requestValidationMode to 2.0, requestPathInvalidCharacters to BLANK, relaxedUrlToFileSystemMapping to true and maxRequestLength to 1024.

It didn't work. Then I tried setting a custom error for 400 to redirect to the same page without passing it the data Salesforce was sending. Also didn't work.

Then I tried doing the same through the IIS 7 Error Pages section and it still didn't work.

How can I:

1. Get the app to accept the characters?
2. Or get the app/IIS to redirect to the same page for manual entry?

All of this is in an ASP.NET MVC 3 application, but I doubt that matters because its probably IIS stopping it before it even calls the ASP.NET runtime.

I'd appreciate some help. Thanks in advance!

Answer 1

Where you probably want to look is in the IIS Manager, click on your server node (or website node), an find the Request Filtering icon. Go to the URL tab and here you can either allow specific URL's always, or change the way URL filtering is handled in general. I'm sure these setting are also avaialble under the section of the web.config file, but I dont know off hand what all the settings elements and attributes would be (I'm sure you could do a search and find them easily).

You may have to fight past ASP.NET after you fix this as well.