A potentially dangerous Request.Path value was detected from the client (*) The * character is not allowed in the path of the URL, but there is no problem using it in the query string: http://localhost:3286/Search/?q=test* It's not an encoding issue, the * character has no special meaning in an URL, so it doesn't matter if you URL encode it or not. You would need to encode it using a different scheme, and then decode it. For example using an arbitrary character as escape character: query = query.Replace("x", "xxx").Replace("y", "xxy").Replace("*", "xyy"); And decoding: query = query.Replace("xyy", "*").Replace("xxy", "y").Replace("xxx", "x");