In my local machine the project works fine, i have the following options inside my web.config:
<httpRuntime maxUrlLength="10999" maxQueryStringLength="2097151" />
and
<security>
<requestFiltering allowDoubleEscaping="false">
<requestLimits maxQueryString="2097151" maxUrl="10999" />
</requestFiltering>
</security>
When i have it on my windows web server 2008 machine it works fine except for the pages with long query strings.
Local Machine Specs:
Windows 8
IIS 8.0
also tested in another Local Machine with the following Specs:
Windows 7
IIS 7.5
Server Specs:
Windows Web Server 2008
IIS 7.0
If any more info is required let me know and i will edit the question.
I've looked into other SO questions and i couldn't find an answer for this, any suggestions?
Related
At work we were forced into a hardware refresh where we went from a Windows 7 box with VS 2013 and IIS Express 6 to a Windows 10 box with VS 2017 and IIS Express 10. The problem is that Windows Authentication refuses to work. I get a 401.2 - Unauthorized with the explanation of "Invalid Authentication Headers".
I've checked the web.config and the properties for the web project and they are correct. I've modified the applicationhost.config file in the .vs folder in the project to enable windows authentication. I even checked the permissions of the files to make sure authenticated users had the right permissions. None of this has worked.
This all worked fine in IIS Express 6. What did Microsoft change in IIS Express 10 that screws this all up?
Edit: have to manually type this stuff in, since I can't move code from the dev machine.
web.config:
<system.web>
<customErrors mode="off"/>
<compilation debug="true" targetFramework="4.5.1" />
<httpRuntime targetFramework="4.5" />
<authentication mode="Windows" />
<authorization>
<allow users="*" />
</authorization>
</system.web>
If you want any other sections of the web.config, ask me.
As for ApplicationHost.config, it is basically whatever VS2017 creates, since this is a fresh machine and there wasn't an existing one with the project. Changes I tried making:
<windowsAuthentication enabled="true">
<anonymousAuthentication enabled="false" userName="">
<section name="windowsAuthentication" overrideModeDefault="allow">
One additional datapoint: The application runs on Firefox. I can log on fine to our test servers, running IIS 8.5, but can't access the application on IIS Express.
I've since created a new MVC application and just ran that. It runs fine in IE, but it won't authenticate users from Firefox and Edge.
Edit: Found out that Edge doesn't support Windows Authentication on localhost: https://developer.microsoft.com/en-us/microsoft-edge/platform/issues/4776775/
Still need to get it to work with Firefox.
Edit again: So, I think I know what is going on. I have two user accounts: the regular user account and an admin account with more privileges. What I did under Windows 7 was that while I logged into my regular account, I ran VS under my admin account. Then I could run my web application and log into the web site with my admin account. This doesn't seem to work anymore. The only way I could get my application to work is to run it all under my admin account. Otherwise, Windows authentication won't work. Security-wise, this is broken as hell and I'd like to find a better solution.
you only need to change some properties in your project as mentioned in below link!
enable windows authentication
I'm going to mark this one as answered and I'll follow up with a new question. The current solution is to run everything on our admin account to get windows authentication working. Not ideal.
I know that this problem has a solution in stackoverflow, but it didn't work for me. I will be more specific below:
I had typical Maximum request length exceeded exception:
HTTP Error 404.13 - Not Found
The request filtering module is configured to deny a request that exceeds the request content length.
That's my changes to web.config, under system.web:
<httpRuntime maxRequestLength="200000" executionTimeout="300" />
and under system.webServer:
<security>
<requestFiltering allowDoubleEscaping="false">
<requestLimits maxAllowedContentLength="200000000" />
</requestFiltering>
</security>
I also made this changes in applicationHost.
On one machine these worked like charm. That was windows 7 + iis 7.5. But on another with windows server 2008 + iis 7.0 I cannot get upload of 19 MB to work. I really dont know what to do now. Please help anyone.
OK. That machine was client's machine. Apparently he changed something in IIS manager regarding one of the site's subfolders and IIS manager created web.config in subfolder that was overriding my setting in parent.
We have a asp website to upload files Client machine(website hosted in IIS) to Server machine(website hosted in IIS) using FTP. Both client and server websites are different websites. Our clients may use any of the windows OS (i.e. XP, Win 7, Win server 2003/2008).
While testing the file upload using FTP, we sent files in various sizes from almost all the OS. Issue is, i can able to upload files only within size of 512MB through FTP (using HTML input control) from Win 7 & Win server 2008 to xp, win 7, server 2008 and if i try more 512 MB, then it throws me System.out of memory exception and in same manner only i can upload files within size of 64MB from Win XP to xp, win 7, Win server 2008 and if i try more than 64 MB, it throws me System.out of memory exception.
I need a two solution :
1) I confused at above uploading....... why i can only upload within 64 MB file From XP to any OS?(which includes XP, Win 7, Server 2008). but from Win 7& Win server 2008 to any OS i can upload upto 512MB files.
2) If i try more than 512MB 0r 64MB files it throws System.out of memory exception.?
Please advise on solving this problem.
I have following settings in my website's web.config file,
<system.web>
<httpRuntime executionTimeout="3600" maxRequestLength="2097151" useFullyQualifiedRedirectUrl="false" requestLengthDiskThreshold="50000" />
</system.web>
<system.webServer>
<security>
<requestFiltering>
<requestLimits maxAllowedContentLength="2147483648" />
</requestFiltering>
</security>
</system.webServer>
please help me.
Thanks,
Kaviyarasan
Based on the Error/Exception, it seems that its not an issue from ASP.NET. Its more of a Memory issue.
Because you've already set the Execution Timeout Time and Max Content size in your web.config file. So, I guess there is no problem at all.
But if possible, try to check the Thread enter link description here. You might get what you want. This is the same for your problem No 2.
I have a website running in IIS 6.0, the website is an asp.net with framework 4.0
We have an application that is not hosted on the client, is hosted in our side. The client ask to allow access only for specific IPs.
So I added the list of IPs in the web.config, like this:
<security>
<ipSecurity allowUnlisted="false">
<clear/> <!-- removes all upstream restrictions -->
<add ipAddress="XXX.XXX.XXX.114" subnetMask="255.255.255.0" allowed="true"/>
<add ipAddress="XXX.XXX.XXX.85" subnetMask="255.255.255.0" allowed="true"/>
</ipSecurity>
</security>
In this example only two IPs have access to the side.
Should I need to do an extra step? because is not working. Is it the best way to do it?
Thank you.
I think your answer is in this link IP Security
Compatibility
Version Notes
IIS 7.5 The <ipSecurity> element was not modified in IIS 7.5.
IIS 7.0 The <ipSecurity> element was introduced in IIS 7.0.
IIS 6.0 The <ipSecurity> element replaces the IIS 6.0 IPSecurity metabase property.
I am using HttpContext.RewritePath in Global.asax for some URL rewriting, and it works very well in my development environment on the Cassini server. But when I copy it to the production server running IIS 7, it isn't working. I have also tried to use Context.Server.TransferRequest but then I get the error: "This operation requires IIS integrated pipeline mode." on both Cassini and IIS 7 (on IIS 7 the website is running in "Integrated" mode in the AppPool).
I rewrite all URLs on the website like /[The main menuname]/[pagename].aspx e.g. from /web/thesite.aspx?mainmenu=manager to /manager/thesite.aspx OR /web/theOtherSite.aspx?mainmenu=about to /about/theOtherSite.aspx, and so on...
I found out that i need to add the following to web.config
<configuration>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true">
</system.webServer></configuration>