The reason I'm asking is because IIS protects certain ASP.NET folders, like Bin, App_Data, App_Code, etc. Even if the URL does not map to an actual file system folder IIS rejects a URL with a path segment equal to one of the mentioned names.

This means I cannot have a route like this:

{controller}/{action}/{id}

... where id can be any string e.g.

Catalog/Product/Bin

So, instead of disabling this security measure I'm willing to change the route, using a suffix before the id, like these:

{controller}/{action}_{id} // e.g. Catalog/Product_Bin
{controller}/{action}/_{id} // e.g. Catalog/Product/_Bin

But these routes won't work if the id contains the new delimeter, _ in this case, e.g.

// These URL won't work (I get 404 response)
Catalog/Product_Bin_
Catalog/Product/_Bin_
Catalog/Product/__Bin

Why? I don't know, looks like a bug to me. How can I make these routes work, where id can be any string?

Ok, I have a definitive answer. Yes, this is a bug. However, at this point I regret to say we have no plans to fix it for a couple of reasons:

• It's a breaking change and could be a very hard to notice one at that.
• There's an easy workaround.

What you can do is change the URL to not have the underscore:

{controller}/{action}/_{id}

Then add a route constraint that requires that the ID parameter starts with an underscore character.

Then within your action method you trim off the underscore prefix from the id parameter. You could even write an action filter to do this for you if you liked. Sorry for the inconvenience.

You can use characters that are not allowed for a directory or file name like: *,?,:,",<,>,|.

With ASP.NET MVC if you look at the source they have a hard-coded value for the path separator (/) and to my knowledge cannot be changed.