Asp.Net 4.0+ comes with a very strict built-in request validation, part of it is the potential dangerous characters in the url which may be used in XSS attacks. Here are default invalid characters in the url , as < > * % & : \ ?
To resolve this, You can change this behavior in your config file: see below
<httpRuntime requestPathInvalidCharacters="<,>,*,%,&,:,\,?" />
OR you can use following settings
<httpRuntime requestPathInvalidCharacters="" requestValidationMode="2.0" />
<pages validateRequest="false" />
Editor, DotNetSpider MVM
Microsoft MVP 2014 [ASP.NET/IIS]