People are linking to our site externally, and in doing so, by passing 'bad parameters', are essentially breaking those pages they're linking to. They're doing this by providing a URL as such:
You'll notice the ampersand within the parameter name. This causes IIS to fail with the following error:
Failed to Execute URL.
at System.Web.Hosting.ISAPIWorkerRequestInProcForIIS6.BeginExecuteUrl(
I would like to prevent someone from having the power to break our site, for one, and secondly would like users to be able to access the page they want even if the link provider made a mistake.
How can I configure IIS to execute URLs while ignoring query string errors?
As it happens, this seemed* to be a quirk with our solution originally targeting .NET 1.1 and later being upgraded to .NET 2.0; .NET 1.1 apparently registers an HttpHandler at the global level (in the machine.config?) which configures the StaticFileHandler to handle standard html (*.htm) files, and .NET 2.0 changes this.
So, when upgrading, if you don't register the handler in your local application's configuration then, when deployed, IIS will try to process *.htm files and in certain instances dies (in the circumstances described in the question).
The solution then is to add this to the httpHandlers section of your config:
<add verb="*" path="*.htm" type="System.Web.StaticFileHandler" />
I say seemed because since fixing this I've never had time to invest in reproducing and documenting.