I am working on some asp.net MVC4 project (iis 7). To prevent "Potentialy dangerous request" message I added to the web.config file the line "httpRuntime requestValidationMode="2.0" />" It did prevent the message but another thing occurred - the url suddenly became case sensetive. When I remove this line the url return to be not case sensitive, but the message comes back.
Does someone know how can I enjoy both the advantages?
Thank a lot!
EDIT: Well, I found that the difference is that when I add this line the auth cookies (fedAuth) are difference, and for some reason the new cookies are with expire date and case sensitive. Still can't understand the reason to the difference and how to prevent it.
I have searched a bit how MVC on IIS could turn case sensitive, it looks like this is almost not even supposed to be supported. You likely have some custom code that goes wrong.
This could be some hack / bad logic in your routes configuration (by default located in
App_Start/RouteConfig.cs). Or some bad code in your action filters,Controller.OnActionExecutingoverrides, or even directly in your actions implementation.You may also have URL Rewrite installed and badly setup. Check some examples here.