MVC WEB API routing fails when url contains encoded ampersand

31,945

Scott Hanselman blogged about this. You might want to check the requestPathInvalidCharacters property of the <httpRuntime> node in your web.config.

Personally I would avoid such characters in the uri portion and simply put those values as query string parameters.
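The query-string approach recommended above, applied to the route from the question, as an added example that is not part of the original answer or the asker's code. It assumes ASP.NET Web API 2; the SearchQuery helper and the rule that only numeric areaId values are accepted are assumptions made for illustration.

```csharp
// Added example, not from the original post. Assumes ASP.NET Web API 2 (.NET Framework).
using System;
using System.Collections.Generic;
using System.Globalization;
using System.Web;
using System.Web.Http;
public static class WebApiConfig
{
    public static void Register(HttpConfiguration config)
    {
        // No {query} segment: the encoded '&' never reaches Request.Path validation.
        config.Routes.MapHttpRoute(
            name: "PropertiesSearch",
            routeTemplate: "api/property/Search/{category}",
            defaults: new { controller = "Property", action = "Search", category = "common" });
    }
}
public class PropertyController : ApiController
{
    // GET /api/property/search/homes?query=areaId%3D20339%26areaId%3D20015
    [HttpGet]
    public IHttpActionResult Search(string category, string query = "")
    {
        List<int> areaIds;
        if (!SearchQuery.TryParseAreaIds(query, out areaIds))
            return BadRequest("query accepts only numeric areaId values");
        return Ok(areaIds); // a real action would run the search here
    }
}
public static class SearchQuery // hypothetical helper, not part of the question's code
{
    // Model binding has already decoded the value once: "areaId=20339&areaId=20015".
    public static bool TryParseAreaIds(string query, out List<int> areaIds)
    {
        areaIds = new List<int>();
        var pairs = HttpUtility.ParseQueryString(query ?? string.Empty);
        foreach (string key in pairs.AllKeys)
        {
            // Allow-list the one expected key; a null key means a value without '='.
            if (!string.Equals(key, "areaId", StringComparison.OrdinalIgnoreCase)) return false;
            foreach (string value in pairs.GetValues(key))
            {
                int id;
                if (!int.TryParse(value, NumberStyles.None, CultureInfo.InvariantCulture, out id)) return false;
                areaIds.Add(id);
            }
        }
        return true;
    }
}
```

With this shape the requestPathInvalidCharacters setting in web.config is left untouched, and anything other than digit-only areaId values is answered with 400 before the search runs.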


Author: espvar

Updated on March 22, 2020

Comments

  • espvar
    espvar about 4 years

    When I call my web service, which takes two parameters, I get:

    A potentially dangerous Request.Path value was detected from the client (&).

    Route config:

    config.Routes.MapHttpRoute(
        name: "PropertiesSearch",
        routeTemplate: "api/property/Search/{category}/{query}",
        defaults: new { controller = "Property", action = "Search", category = "common", query = string.Empty }
    );
    

    Controller method:

    [HttpGet]
    public SearchResult Search(string category, string query)
    {
    }
    

    When I call the API with:

    /api/property/search/homes/areaId%3D20339%26areaId%3D20015

    A potentially dangerous Request.Path value was detected from the client (&).

    Doing this:

    /api/property/search/homes/?query=areaId%3D20339%26areaId%3D20015

    works fine.

    How do I solve the routing decoding problem?

  • Erik Philips
    Erik Philips over 11 years
    +1 Personally I would avoid such characters in the uri portion and simply put those values as query string parameters. Can't make it any more bold.
  • espvar
    espvar over 11 years
    You're right. We got it to work with the web.config bypass, but ended up forcing it to be set using query string parameters in the end after all. The reason we wanted it to be part of the URL is because we're using the auto-generated Help-page to create the API reference. And the routeTemplate wouldn't let us include a ? in there, so there was no good way of telling the user to include the {query} using query parameters.
  • Josh M.
    Josh M. about 8 years
    @ErikPhilips Why avoid using perfectly valid characters (&, =, etc.) in the path portion of a URI? The ampersand character is only reserved in the query portion of a URI.
  • Erik Philips
    Erik Philips about 8 years
    @JoshM because there are very good, legitimate reasons why requestPathInvalidCharacters was created... Simply bypassing it on a whim because of a poor requirement is not a good reason to turn it off.
  • Josh M.
    Josh M. about 8 years
    @ErikPhilips I'm asking what those reasons are -- do you have a reference to which you can point me? Thanks.
  • Josh M.
    Josh M. about 8 years