Max querystring length on asp .net 2.0 - query-string

I am working on ASP .NET version 2.0 and IIS 6. I am calling a pop up aspx page from the main page by calling its URL and passing querystring to it.
For a specific case the length of my querystring exceeds more than 2000 characters. So the pop up screen opens up fine for the first time but whenever there is a postback in that pop up screen, I get a internet connection error.
I am sure this is happening because of the large length of the querystring because it works fine when I reduce the length of querystring.
Is there a way we can increase the maximum allowed length of the querystring passed. Can it be configured through web.config or in some IIS settings.

Following is the approach I use for ASP.Net MVC 4
<system.web>
<httpRuntime maxQueryStringLength="6000" />
</system.web>
<system.webServer>
<security>
<requestFiltering>
<!--Query String Length-->
<requestLimits maxQueryString="6000" />
</requestFiltering>
</security>
</system.webServer>
REFERENCE
request exceeds the configured maxQueryStringLength when using [Authorize]
WCF says it exceeds maximum query string value while it is not

By default it 2048. Check this post (MSDN). Set maxQueryStringLength in httpRuntime section of your web.config.
Please check the requirements for this on the same post.
Hope this works for you.

Attribute maxQueryStringLength of httpRuntime element is supported only by 4.0 and above.
You have to use IIS settings to control max query string limits.
http://www.iis.net/ConfigReference/system.webServer/security/requestFiltering/requestLimits

Related

How to increase time out of webform webmethod request in asp.net webforms?

I am using webform c#, here one of my method is taking about 3-4 minutes to execute completely method runs absolutely fine in developing environment but when publish put it on IIS it produces error of time out. i have tried with both ajax and server side button click event both but got same issue. I have also tried to increase the connection time out setting from IIS, it also doesn't work. on project webconfig I have changed these lines, not worked.
<system.web>
<httpRuntime executionTimeout="180" />
</system.web>
Is there any other way or I am missing any thing something? My IIS version is 10
In Web.config executionTimeout setting in seconds. so as per your details it's taking 3-4 minutes. so you need to set it as per that. like. executionTimeout="600" (600 sec : 5 minute)
And instead of globally increases the timeout of all pages you can also be applied for specific pages in the following way.
<location path="yourpagename.aspx">
<system.web>
<httpRuntime executionTimeout="900"/>
</system.web>
</location>

requestValidationMode 4.5 vs 2.0

Is there a difference between requestValidationMode="4.5" and requestValidationMode="2.0"? I have a .net 4.5 application, there is a control which I don't want to validate, as users can enter html tags in:
<asp:TextBox ID="txtTitle" runat="server" ValidateRequestMode="Disabled" />
in my web.config i have:
<compilation debug="true" strict="false" explicit="true" targetFramework="4.5">...</compilation>
<httpRuntime targetFramework="4.5" requestValidationMode="2.0" />
initially I have put requestValidationMode="4.5" but that didn't work, I would still get the error about the tags - "A potentially dangerous Request.Form value was detected from the client ..." as soon as would submit the form. However if I set it to requestValidationMode="2.0" it works, i'm able to hit the PageLoad and encode the value from that field.
Yes there is a difference between the two. Anything requestValidationMode specified as 4.0 or above will use the 4.0 way and any requestValidationMode specified as below 4.0 will use the 2.0 way. Below is a description of the two:
http://msdn.microsoft.com/en-us/library/system.web.configuration.httpruntimesection.requestvalidationmode.aspx
4.0 (the default). The HttpRequest object internally sets a flag that indicates that request validation should be triggered whenever any HTTP request data is accessed. This guarantees that the request validation is triggered before data such as cookies and URLs are accessed during the request. The request validation settings of the pages element (if any) in the configuration file or of the # Page directive in an individual page are ignored.
2.0. Request validation is enabled only for pages, not for all HTTP requests. In addition, the request validation settings of the pages element (if any) in the configuration file or of the # Page directive in an individual page are used to determine which page requests to validate.
As a note: There are other solutions, since you are using asp.net 4.5 you may want to look it to validating on a per control level, that way you can leave the requestValidationMode property in the web.config at 4.5 and only change it on controls that need it.
http://msdn.microsoft.com/en-us/library/system.web.ui.control.validaterequestmode.aspx
I agree with Chris_dotnet's answer.
However, I would like to add a small side note:
In your web.config file, enclose the requestValidationMode="2.0" tag under the location tag so you only allow a specific page to have this "waiver" to skip the validation.
<location path="YourPage.aspx">
<system.web>
<httpRuntime requestValidationMode="2.0"/>
</system.web>
</location>

windows authentication error (only with a lot of data)

I have an ASP.net website running under IIS6. In one .aspx page the user has to enter data which is then stored into a database. The amount of data can vary. The project uses Windows Authentication.
So far everything worked, but once the data exceeds a certain amount, the website asks again for the credentials. When I click cancel a 401 error is returned, when I enter username/password a 12152 error (after some time of processing). I have tried it with IE6 and IE9 (also in IE8 mode).
Any ideas what could be done?
Sounds like an execution timeout, the default is 110 seconds. Try changing the executionTimeout and maxRequestLength attributes of the httpRuntime configuration.
<httpRuntime executionTimeout="1200" maxRequestLength="104856" />
After more than one month I was finally able to solve it: I had to increase the MaxHttpCollectionKeys-settings in the web.config file.
<appSettings>
<add key="aspnet:MaxHttpCollectionKeys" value="2000" />
</appSettings>
After this modification the error was gone.

IIS Request Timeout on long ASP.NET operation

I am experiencing a request timeout from IIS when I run a long operation. Behind the scene my ASP.NET application is processing data, but the number of records being processed is large, and thus the operation is taking a long time.
However, I think IIS times out the session. Is this a problem with IIS or ASP.NET session?
If you want to extend the amount of time permitted for an ASP.NET script to execute then increase the Server.ScriptTimeout value. The default is 90 seconds for .NET 1.x and 110 seconds for .NET 2.0 and later.
For example:
// Increase script timeout for current page to five minutes
Server.ScriptTimeout = 300;
This value can also be configured in your web.config file in the httpRuntime configuration element:
<!-- Increase script timeout to five minutes -->
<httpRuntime executionTimeout="300"
... other configuration attributes ...
/>
Please note according to the MSDN documentation:
"This time-out applies only if the debug attribute in the compilation
element is False. Therefore, if the debug attribute is True, you do
not have to set this attribute to a large value in order to avoid
application shutdown while you are debugging."
If you've already done this but are finding that your session is expiring then increase the
ASP.NET HttpSessionState.Timeout value:
For example:
// Increase session timeout to thirty minutes
Session.Timeout = 30;
This value can also be configured in your web.config file in the sessionState configuration element:
<configuration>
<system.web>
<sessionState
mode="InProc"
cookieless="true"
timeout="30" />
</system.web>
</configuration>
If your script is taking several minutes to execute and there are many concurrent users then consider changing the page to an Asynchronous Page. This will increase the scalability of your application.
The other alternative, if you have administrator access to the server, is to consider this long running operation as a candidate for implementing as a scheduled task or a windows service.
Great and exhaustive answerby #Kev!
Since I did long processing only in one admin page in a WebForms application I used the code option. But to allow a temporary quick fix on production I used the config version in a <location> tag in web.config. This way my admin/processing page got enough time, while pages for end users and such kept their old time out behaviour.
Below I gave the config for you Googlers needing the same quick fix. You should ofcourse use other values than my '4 hour' example, but DO note that the session timeOut is in minutes, while the request executionTimeout is in seconds!
And - since it's 2015 already - for a NON- quickfix you should use .Net 4.5's async/await now if at all possible, instead of the .NET 2.0's ASYNC page that was state of the art when KEV answered in 2010 :).
<configuration>
...
<compilation debug="false" ...>
... other stuff ..
<location path="~/Admin/SomePage.aspx">
<system.web>
<sessionState timeout="240" />
<httpRuntime executionTimeout="14400" />
</system.web>
</location>
...
</configuration>
I'm posting this here, because I've spent like 3 and 4 hours on it, and I've only found answers like those one above, that say do add the executionTime, but it doesn't solve the problem in the case that you're using ASP .NET Core. For it, this would work:
At web.config file, add the requestTimeout attribute at aspNetCore node.
<system.webServer>
<aspNetCore requestTimeout="00:10:00" ... (other configs goes here) />
</system.webServer>
In this example, I'm setting the value for 10 minutes.
Reference: https://learn.microsoft.com/en-us/aspnet/core/hosting/aspnet-core-module#configuring-the-asp-net-core-module
Remove ~ character in location
so
path="~/Admin/SomePage.aspx"
becomes
path="Admin/SomePage.aspx"

Posting data to a HttpHandler greater then ~29MB gives a 404 error

I am testing a HttpHandler that accepts XML. It works fine when a small amount of data is posted but if I post data larger then approx 29mb, I get a asp.net 404 Error.
I am posting to the handler from another handler in the same project and I have tried 2 methods -
1. HttpWebRequest with "POST"
2. WebClient with UploadFile() and UploadData()
I get the same 404 error when the posted data is above 28.6 MB.
I also tried putting a breakpoint right in the beginning of the receiving handler and debugging. It is never hit. Appears like the handler was never called. Works ok for smaller sized data.
I already have the following setting. What am I doing Wrong?
<httpRuntime maxRequestLength="1048576" />
EDIT: I have also tried posting to a different handler that doesnt not consume posted data, just to test, but the results are the same.
Environment: Win 7, IIS 7.5, .net 3.5, VS 2008
alt text http://img401.imageshack.us/img401/4099/errormr.png
I discovered that the problem is with IIS 7 and above. It requires the max request length to be set in a different place.
See the following links -
http://www.experts-exchange.com/Programming/Languages/.NET/ASP.NET/Q_22943810.html
http://msdn.microsoft.com/en-us/library/ms689462%28VS.90%29.aspx
The default value is 30000000. which is 28.6mb. The correct way to set in web.config is -
<system.webServer>
<security>
<requestFiltering>
<requestLimits maxAllowedContentLength="1073741824"></requestLimits>
</requestFiltering>
</security>
</system.webServer>
This config cleared the error I was getting. I wish the errors reported were more descriptive, at least on local machines
Does this mean that setting <httpRuntime maxRequestLength="1048576" /> is enough for IIS 6 ? (the live server is win2003)
Try to add this section to the web.config file:
<location path="YourHandler.aspx">
<system.web>
<httpRuntime maxRequestLength="1048576" executionTimeout="3600" />
</system.web>
</location>
assuming you handler path is YourHandler.aspx.

Resources