Best Practice: ASP.NET MVC Query String

If you are creating a website or an Intranet application using ASP.NET or MVC, you need to be careful on the length of the query string you are using in the application.

By default IIS is set to accept a maximum query string length of 2048 bytes. That’s 2048 characters. IIS will throw an query string too long error is there is any request url with more than 2048 characters of query string. I’ve already explained about this error and the workaround for this in my article Query string too long.

But, it is always a good practice to use a shorter query string in .Net web applications. Below are some of the best practices you can follow in and mvc query string usage.

ASP.NET & MVC Query String Usage Best Practices

  1. Try to keep the query sting length below 512 characters.
  2. Pass bare minimum data through query string.
  3. Never forget that the query string is visible to everyone using the web application. So avoid sensitive data in the query string (username, Password, date of birth, email address, name, etc..).
  4. Try to use server-side session variables instead of passing data in query string.
  5. Always use URL encoding for spaces and special characters.
  6. Try to use encrypted data in the query string.

Please share your ideas on the best practices of using query string.

Leave your thoughts...