Someone on my project pointed me at this useful article from Alois Kraus about the 400 “Bad Request” exception coming from ASP.NET. In particular, it cleared up the way that length checking is performed on a URL in an incoming request.
On my project we are relying on a key from FAST ImPulse, a search engine for eCommerce apps. This key is included in a URL. In certain deep search scenarios, e.g. lots of filtering on facets of a product, this key can become very long. This has been resulting in the “Bad Request” messages. It turns out that there is a difference between including this key in the path of the URL and as a query string parameter. For example:
http://www.example.com/{key}/results.aspx
http://www.example.com/results.aspx?key={key}
If {key} is close to 260 characters, the first URL will be rejected by ASP.NET whereas the second will be accepted. ASP.NET only allows the path part of the URL to reach 260 characters. As the article mentions, ASP.NET 4 allows this limit to be changed.
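As an added example (not from the original post or the linked article), this is the ASP.NET 4 web.config setting that governs the path limit described above, alongside the separate limit applied to the query string. The value 512 is a constructed sample, not a recommendation from the page.

```xml
<?xml version="1.0"?>
<configuration>
  <system.web>
    <!--
      ASP.NET 4 defaults:
        maxUrlLength         = 260   (path part of the URL, e.g. /{key}/results.aspx)
        maxQueryStringLength = 2048  (everything after the "?", e.g. ?key={key})
      A request that exceeds either limit is answered with 400 Bad Request.
    -->
    <httpRuntime
        maxUrlLength="512"
        maxQueryStringLength="2048" />
    <!-- 512 is a sample value: raise the path limit only as far as the
         longest legitimate key requires. -->
  </system.web>
</configuration>
```

Raising maxUrlLength widens the input every handler in the application has to accept, so moving the long key into the query string, as in the second URL form, lets the default path limit stay in place.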