I get the "The request filtering module is configured to deny a request that contains a double escape sequence." when requesting images with plus signs in their filenames. I´d rather not turn off this feature. Instead I have hope that I can encode my urls correctly. The problem is that I wan´t to test this (in development) and I´m not sure how IIS 7 want´s my url to look? Do you think this will solve my problem?
const string fileName = "test+test.jpg";
string urlEncoded = HttpUtility.UrlEncode(fileName);
Assert.That(urlEncoded, Is.EqualTo("test%2btest.jpg"));
Unfortunately it won't. IIS7 will decode your URL, see that you were encoding a plus sign, and then still throw the double escape sequence error. If you really want to use plus signs I think you have to allow double Url encodings.
Here is a blog post from a developer on the IIS team detailing some reasons why they chose to not not allow '+' signs to be accepted.
Another option, and you may have thought of this, is that you could come up with your own escape sequence to replace plus signs with that IIS won't recognize. Then you would need to write your own code to check for your escape sequence and rewrite it to a '+'.
If you want more detail on how the entire check system works in IIS7 and ASP.Net you can see my answer to a similar question here.
Hope this helps.