Any potential security risks with turning on relaxedUrlToFileSystemMapping to allow URLs having part ending with '.'?

Question

We are having an issue where our application fails when the URL has any part ending with \'.\' in it\'; we can\'t avoid this due to functional requirements. The suggested so

Answer 1

A little late to the party but I thought I'd add what worked for me.

I just ran into this today, but fortunately was able to work around it. The solution was to pass the value that contained the dot (period) as part of the querystring, not the URL. You lose the elegance of having a clean URI without querystring, but it works without lowering security or changing any settings.

E.g. http://localhost/Home/hi.how:areyou will fail because it contains two illegal chars as part of the URI, the dot and the colon. However http://localhost/Home/id=hi.how:areyou will work perfectly.

Props to Scott Hanselman that, as always, will have blogged about pretty much all crazy scenarios and issues that one might run into while doing .NET development.