update posted (Score 1)

Brian Goldfarb who is a program manager for ASP.NET today posted a link to a http handler that will block requests using malformed URLs for all web apps on the server. Link I think this is a bit overblown here. URLscan which is recommended in any MS security blocks this. The ASP.NET security guide shows how to avoid cannonicalization issues. On the other hand how did this get through testing? .NET has an excellent security track record with very. very few issues. I think that this is the first major one. Good for something as large as .NET. MS has come a long way over the last couple of years with security. Best of luck to them over there. More info can also be found here.