windows authentication error (only with a lot of data) - asp.net

I have an ASP.net website running under IIS6. In one .aspx page the user has to enter data which is then stored into a database. The amount of data can vary. The project uses Windows Authentication.
So far everything worked, but once the data exceeds a certain amount, the website asks again for the credentials. When I click cancel a 401 error is returned, when I enter username/password a 12152 error (after some time of processing). I have tried it with IE6 and IE9 (also in IE8 mode).
Any ideas what could be done?

Sounds like an execution timeout, the default is 110 seconds. Try changing the executionTimeout and maxRequestLength attributes of the httpRuntime configuration.
<httpRuntime executionTimeout="1200" maxRequestLength="104856" />

After more than one month I was finally able to solve it: I had to increase the MaxHttpCollectionKeys-settings in the web.config file.
<appSettings>
<add key="aspnet:MaxHttpCollectionKeys" value="2000" />
</appSettings>
After this modification the error was gone.

Related

How to increase time out of webform webmethod request in asp.net webforms?

I am using webform c#, here one of my method is taking about 3-4 minutes to execute completely method runs absolutely fine in developing environment but when publish put it on IIS it produces error of time out. i have tried with both ajax and server side button click event both but got same issue. I have also tried to increase the connection time out setting from IIS, it also doesn't work. on project webconfig I have changed these lines, not worked.
<system.web>
<httpRuntime executionTimeout="180" />
</system.web>
Is there any other way or I am missing any thing something? My IIS version is 10
In Web.config executionTimeout setting in seconds. so as per your details it's taking 3-4 minutes. so you need to set it as per that. like. executionTimeout="600" (600 sec : 5 minute)
And instead of globally increases the timeout of all pages you can also be applied for specific pages in the following way.
<location path="yourpagename.aspx">
<system.web>
<httpRuntime executionTimeout="900"/>
</system.web>
</location>

Validation of viewstate MAC failed, but occurs on only 1 out of 2 webfarm servers (machine key is correct)

So I have something weird going on and i can not pin down exactly what is causing it. My asp.net project is live with session state on two production servers that are synced using the following command:
msdeploy -verb:sync -source:webserver,computername=%MACHINE%,username=Administrator,password=%PASSWORD% -dest:webserver 2<&1
The application is an asp.net 4.0 website that is run on two Server 2008 R2 web servers behind a load balanced configuration where the users are set to stick to one server once they connect. We have <MachineKey> set hardcoded with validation and decryption keys in the root site of the application and it is the same between both servers. My application is set up to forward exception events to our email system.
What is happening is that i am receiving the dreaded 'Validation of viewstate MAC failed' from the servers but even though the server load is 50/50 split the errors are coming in on a 99/1 split. So one web server is generating these errors considerably more often than the other one. This is strange considering the servers are synced and all configurations are identical.
I've done extensive searching on this problem and it seems quite difficult to find any solution that doesn't mention or do the following.
<MachineKey> is not identical between servers. (I know for a fact this is not my problem)
Setting enableViewStateMac=false or some other setting that jeopardizes the site security.
Make sure that all action tags on form inputs reference the same page they are placed on
Make sure the instance ID of the servers are the same (they are)
If the user clicks through the page before the entire page (viewstate) has been downloaded (my viewstate is set to render at the top of the page).
Issues with response.redirect and server.transfer
Now i have eliminated all except the last two as possible causes. My application has been running fine for over a year with no issues and right before these errors appeared i enabled SQL session state, migrated the project from .NET 3.5 to .NET 4.0, and set the set the server mode deployment mode to retail. I have tried recycling the application pools and performing an 'iis reset' to no avail.
Does anyone else have any suggestions as to what i can look at? Bottom line i do NOT want to fix this by opening up security holes in my site.
It appears this is happening to users right after they authenticate using forms authentication the first time they try to log in but i can not confirm this. I also have a theory that this might have to do with caching but i can't be sure on this either.
Here is the juicy bit from my web.config (i have removed some sensitive information)
<system.web>
<httpRuntime requestValidationMode="2.0"/>
<globalization culture="en-US" uiCulture="en-US" resourceProviderFactoryType="WebResourceFactory"/>
<compilation debug="true" defaultLanguage="c#" explicit="true" strict="true" targetFramework="4.0">
<assemblies>
</assemblies>
</compilation>
<authentication mode="Forms">
<forms name=".ASPXAUTH" loginUrl="Login.aspx" protection="All" slidingExpiration="true"/>
</authentication>
<authorization>
<deny users="?"/>
</authorization>
<sessionState mode="SQLServer" sqlConnectionString="connection" compressionEnabled="true" />
<pages theme="Blue" controlRenderingCompatibilityVersion="3.5" clientIDMode="AutoID">
<machineKey validationKey="key" decryptionKey="key" decryption="3DES" validation="SHA1" />
</system.web>
EDIT:Emphasized that i'm using SQL session state with a load balancer set to prefer to route users to the server they started on.
There is an additional possibility that you have not added to your list - ViewStateUserKey.
I have seen issues with applications where the ViewStateUserKey was set to the Session ID on logon and (crucially) before any data is saved to the Session. Since ASP.NET does not persist Session IDs until one or more objects are saved to session this meant that the ID was constantly changing and the Viewstate was failing validation. Even if you have saved something to Session then the Session will be different on each server if you are using the default in-process model and not a state server or SQL session store (as you are doing). Any server specific value or value that is not readily predictable across servers used with ViewStateUserKey will of course also cause this problem.
Otherwise the most common causes of this issue I have seen is where an "Action" attribute is set on a form that is not the URL of the same page as the form (this catches out developers used to PHP or platforms that do not attempt to abstract away from HTTP), or missing Machine Key attributes in the Web.config in multi-server environments (which you seem to have covered).
Ok i appear to have fixed it, though i can not discern what exactly caused it so i will just list all the steps i performed in case someone else has this problem later on.
1 :
Installed these windows updates:
2:
My forms authentication cookie was set to persistent but my session cookie was set to the browser session. I set my forms authentication cookie to be browser session based.
3:
I copied my from the site config to the root of IIS. From all the documentation i could find it should not be necessary for me to do this because IIS should support multiple machine keys for different sites / applications.
4:
Rebooted the server.
That's it! I have not received the errors since then.

fileupload error - Internet Explorer cannot display the webpage

I know this question has been asked in other threads, but none of the solutions provided could fix my problem.
When I upload a file greater than ~4MB (i.e. bigger than default), I get the "Internet Explorer cannot display the webpage" error. (Files smaller has no problems).
Here's what I've done so far:
1) Edited webconfig:
<httpRuntime maxRequestLength="20480" executionTimeout="3600" enable="true"/>
<customErrors mode="Off"></customErrors>
AND
<requestLimits maxAllowedContentLength="20000000000" />
2) Updated hosts file (C:\Windows\System32\drivers\etc\hosts) to remove line:
:: 1 localhost
3) Tested on IE, Chrome, and Firefox (all have the same issues).
4) Tried using IE's developer tools but not quite sure what to look for.
Would really really appreciate any advice/guidance on this! I've spent almost 2 days on this and still cannot figure it out. I gather it must be the file size issue (since I have load smaller files...)
THANKS so much!
Assuming that you have file upload control as follows:
<asp:FileUpload ID="flUpImg" runat="server"/>
when uploading is done you usually upload files to the server by clicking a button.
In that button click event check for
flUpImg.PostedFile.ContentLength
let xxxx be the value returned.
Note it down and stop debugging.
Go to web.config file and edit the following tag as
<httpRuntime maxRequestLength="value greater than xxxx"/>
where xxxx is the size of the uploaded files.
Two more things to look at:
1) Are you running UrlScan or some other IIS add-in? You can check through the IIS console by choosing your web-site and clicking ISAPI Filters. If so, check whether it too has an upload size limit that you need to override: e.g., C:\Windows\System32\inetsrv\urlscan\urlscan.ini, [RequestLimits], MaxAllowedContentLength=1073741824.
2) Check your global .config files: machine.config and root-level web.config in e.g. C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config (for 64-bit applications running .NET 4) for <system.web /> and applicationHost.config in C:\Windows\System32\inetsrv\config for <system.webServer /> in case there are any non-standard settings in there such as allowDefinition="MachineOnly" or allowOverride="false". I suspect this isn't the problem, as you would probably see some sort of message on the screen or in the application event log if it were; something else to tick off your list, though.
I was facing the same issue which got resolved by adding below in web.config under system.web.
<httpRuntime maxRequestLength="20480" executionTimeout="3600" enable="true"/>
The key is the maxRequestLength="20480" inside your <httpRuntime> tag. It's failing because the page is rejecting the file you're testing, which is evidently larger than 20MB. If you check the file you're testing you'll probably notice this.
Try setting this figure a lot higher and you will get some success!:
<httpRuntime maxRequestLength="51200" executionTimeout="3600" enable="true"/>

Large file uploading

I want to upload a large file in asp.net app of visual studio 2010. But I have got connection reset error. How can I solve it? Thanks.
P.S I have changed the requestlimited in the webconfig which is not to be make any effect.
It's a security setting to limit the size of the request. It's a setting called RequestMaxLength in web config. I believe the default is 3 or 4 MB... An asp.net file upload will be limited by the number defined in this setting (any request for that matter).
<configuration>
<system.web>
<httpRuntime maxRequestLength="4096" executionTimeout="1200" />
</system.web>
</configuration>
It's not wise to make this a very large number because it exposes you to DOS attack since someone could just flood your server with huge files. There is also an executionTimeout property that might have to be set as well

IIS Request Timeout on long ASP.NET operation

I am experiencing a request timeout from IIS when I run a long operation. Behind the scene my ASP.NET application is processing data, but the number of records being processed is large, and thus the operation is taking a long time.
However, I think IIS times out the session. Is this a problem with IIS or ASP.NET session?
If you want to extend the amount of time permitted for an ASP.NET script to execute then increase the Server.ScriptTimeout value. The default is 90 seconds for .NET 1.x and 110 seconds for .NET 2.0 and later.
For example:
// Increase script timeout for current page to five minutes
Server.ScriptTimeout = 300;
This value can also be configured in your web.config file in the httpRuntime configuration element:
<!-- Increase script timeout to five minutes -->
<httpRuntime executionTimeout="300"
... other configuration attributes ...
/>
Please note according to the MSDN documentation:
"This time-out applies only if the debug attribute in the compilation
element is False. Therefore, if the debug attribute is True, you do
not have to set this attribute to a large value in order to avoid
application shutdown while you are debugging."
If you've already done this but are finding that your session is expiring then increase the
ASP.NET HttpSessionState.Timeout value:
For example:
// Increase session timeout to thirty minutes
Session.Timeout = 30;
This value can also be configured in your web.config file in the sessionState configuration element:
<configuration>
<system.web>
<sessionState
mode="InProc"
cookieless="true"
timeout="30" />
</system.web>
</configuration>
If your script is taking several minutes to execute and there are many concurrent users then consider changing the page to an Asynchronous Page. This will increase the scalability of your application.
The other alternative, if you have administrator access to the server, is to consider this long running operation as a candidate for implementing as a scheduled task or a windows service.
Great and exhaustive answerby #Kev!
Since I did long processing only in one admin page in a WebForms application I used the code option. But to allow a temporary quick fix on production I used the config version in a <location> tag in web.config. This way my admin/processing page got enough time, while pages for end users and such kept their old time out behaviour.
Below I gave the config for you Googlers needing the same quick fix. You should ofcourse use other values than my '4 hour' example, but DO note that the session timeOut is in minutes, while the request executionTimeout is in seconds!
And - since it's 2015 already - for a NON- quickfix you should use .Net 4.5's async/await now if at all possible, instead of the .NET 2.0's ASYNC page that was state of the art when KEV answered in 2010 :).
<configuration>
...
<compilation debug="false" ...>
... other stuff ..
<location path="~/Admin/SomePage.aspx">
<system.web>
<sessionState timeout="240" />
<httpRuntime executionTimeout="14400" />
</system.web>
</location>
...
</configuration>
I'm posting this here, because I've spent like 3 and 4 hours on it, and I've only found answers like those one above, that say do add the executionTime, but it doesn't solve the problem in the case that you're using ASP .NET Core. For it, this would work:
At web.config file, add the requestTimeout attribute at aspNetCore node.
<system.webServer>
<aspNetCore requestTimeout="00:10:00" ... (other configs goes here) />
</system.webServer>
In this example, I'm setting the value for 10 minutes.
Reference: https://learn.microsoft.com/en-us/aspnet/core/hosting/aspnet-core-module#configuring-the-asp-net-core-module
Remove ~ character in location
so
path="~/Admin/SomePage.aspx"
becomes
path="Admin/SomePage.aspx"

Resources