DateTimeOffset as query parameter #204

Open
abkmr opened this Issue Jan 27, 2015 · 1 comment

abkmr commented Jan 27, 2015

When colon “:” and plus “+” are used in an OData V4 request as part of a DateTimeOffset format parameter of an OData V4 function, IIS 7.0+ rejects the request, terming usage of “:” and “+” as invalid, since they are restricted characters in the URL path.

For example:
http://abkmr1213/abkmrorg/api/data/LocalTimeFromUtcTime(TimeZoneCode=4,UtcTime=2015-01-08T15:08:16.1512974+05:30) will cause parsing failure in IIS.

Also, if we fully encode all : as %3A, and all + as %2B, IIS 7.0+ will still fail while parsing %2B due to the default value of allowDoubleEscaping=false. %2B is double encoding of space, hence the parsing failure in: http://abkmr1213/abkmrorg/api/data/LocalTimeFromUtcTime(TimeZoneCode=4,UtcTime=2015-01-08T15%3A08%3A16.1512974%2B05:30)

As an alternative, it is possible to use function parameters in query options and make the call after fully escaping all ":" and "+" characters:-
http://abkmr1213/abkmrorg/api/data/LocalTimeFromUtcTime(TimeZoneCode=4,UtcTime=@utcTime)?@utcTime=2015-01-08T15%3A08%3A16.1512974%2B05:30

I would request that support be added in OData client libraries to encode DateTimeOffset function parameters as query options with URL encoding. Otherwise, enabling the use of ":" and "+" within the URL opens up the IIS server to large security risks.
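
The alternative described in the issue above, sketched as an added C# example (not code from the issue or from the OData client library): a hypothetical `ODataFunctionUrl.Build` helper keeps parameters inline unless their literal contains ":" or "+", in which case only a parameter alias stays in the path and the value moves to the query string, escaped with `Uri.EscapeDataString`. The service root, function name and parameter names are taken from the issue's example URL; the alias naming (`@` plus the parameter name) is an assumption.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;

static class ODataFunctionUrl   // hypothetical helper, not an OData library type
{
    // Characters the issue reports IIS rejecting inside the URL path.
    private static readonly char[] PathRestricted = { ':', '+' };

    public static string Build(string serviceRoot, string function,
                               IEnumerable<KeyValuePair<string, object>> parameters)
    {
        var inline = new List<string>();   // stays in the path: Name=value or Name=@Name
        var aliases = new List<string>();  // goes in the query: @Name=<escaped literal>
        foreach (var p in parameters)
        {
            string literal = ToLiteral(p.Value);
            if (literal.IndexOfAny(PathRestricted) < 0)
            {
                inline.Add(p.Key + "=" + literal);
                continue;
            }
            // Only the alias appears in the path; the value is percent-encoded in the query.
            inline.Add(p.Key + "=@" + p.Key);
            aliases.Add("@" + p.Key + "=" + Uri.EscapeDataString(literal));
        }
        string url = serviceRoot.TrimEnd('/') + "/" + function + "(" + string.Join(",", inline) + ")";
        return aliases.Count == 0 ? url : url + "?" + string.Join("&", aliases);
    }

    // Narrowed to the two parameter types in the issue's example.
    private static string ToLiteral(object value)
    {
        if (value is int i) return i.ToString(CultureInfo.InvariantCulture);
        if (value is DateTimeOffset d) return d.ToString("o", CultureInfo.InvariantCulture);
        throw new NotSupportedException("No literal format defined for " + value?.GetType());
    }

    static void Main()
    {
        // Same timestamp as the issue's example: 2015-01-08T15:08:16.1512974+05:30
        var utcTime = new DateTimeOffset(2015, 1, 8, 15, 8, 16, TimeSpan.FromHours(5.5))
            .AddTicks(1512974);
        var args = new[]
        {
            new KeyValuePair<string, object>("TimeZoneCode", 4),
            new KeyValuePair<string, object>("UtcTime", utcTime),
        };
        Console.WriteLine(Build("http://abkmr1213/abkmrorg/api/data", "LocalTimeFromUtcTime", args));
    }
}
```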

@congysu congysu added this to the V5.6 milestone Feb 17, 2015

@xuzhg xuzhg modified the milestones: V5.7, V5.6 May 29, 2015

@xuzhg xuzhg modified the milestones: v5.8, v5.7 Jul 2, 2015

@VikingsFan VikingsFan modified the milestones: v5.9, v5.8 Jan 6, 2016

@VikingsFan VikingsFan modified the milestones: v5.10, v5.9 Mar 21, 2016

+1

@mtroth-microsoft mtroth-microsoft added the P2 label Jun 5, 2017
