IIS7.5 ASP.NET MVC users hitting strange URLs: /(F(1xe9eXIxPz

Question

We are getting reports from a small number of users that they are ending up on very strange paths in our web app, of the form:

https://www.example.com/(F(1xe         


        

Answer 1

Take a look at Understand How the ASP.NET Cookieless Feature Works:

In V2.0, Anonymous Identification and Forms Authentication also use this feature. The URL may now look like this: http://MySite.com/MyWebApplication/(A(XXXX)S(XXXX)F(XXXX))/home.aspx

and further down:

F(XXXX): This is the Forms Authentication ticket.

Probably some of your clients block cookies.

EDIT: That said, that URL you've posted seems excessively long. Maybe the MVC internals or the URL rewriting interact with it badly for whatever reason.

Question MVC2 Cookieless Session Issue using POST might be somewhat related.

EDIT2: This thread seems to also be related to your problem: http://forums.asp.net/t/1612673.aspx. The author mentions that

some users are reporting http 400 errors

because apparently

some users are getting forms auth tokens that are longer than normal, since these are passed in the URL they are making the URL length longer than IIS will accept

Might be a long shot, but worth a try.