I would say that the reason this happens is due to how the Response.Redirect method works internally.
Internally, the Redirect method will check the URL string parameter and, if it considers it necessary, do some encoding in the URL string parameter before the redirect actually runs.
You can find out about this by looking at the disassembly of the Response.Redirect method in Reflector. Among other things, the Redirect method does:
url = this.ApplyRedirectQueryStringIfRequired(url); url = this.ApplyAppPathModifier(url); url = this.ConvertToFullyQualifiedRedirectUrlIfRequired(url); url = this.UrlEncodeRedirect(url);
Each of these functions has calls for other functions, such as:
internal static string UrlEncodeNonAscii(string str, Encoding e) internal static string UrlEncodeSpaces(string str) private static byte[] UrlEncodeBytesToBytesInternalNonAscii(byte[] bytes, int offset, int count, bool alwaysCreateReturnValue)
Each of these functions attempts to somehow encode (or translate) the provided URL string parameter.
According to this page: Response.Redirect and encoded URIs (and others related here), there may be some problems with this encoding, depending on the input string.
It seems that the best way to avoid any encoding problems that may occur when using the Redirect method for native encoding is to explicitly encode the URL string parameter immediately before passing it to the Redirect method.
From the Response.Redirect MSDN article:
Always check and encode the URL that is passed to Response.Redirect to protect against cross-site scripting attacks. For information on how to remove harmful characters from a string, see Removing harmful characters from user input .
Please note that earlier in