ASP.NET FileUpload failure - asp.net

Trying to upload a large file (20MB), I set the maxRequestLength to a high enough level (and the expiration time too) in the httpRuntime entry of web.config. The Event Log stopped reporting that the post size exceeds allowed limits, but I still get the same behavior in the browser (IE or FF): "The connection to the server was reset while the page was loading." I'm using VS2008 and the built-in web server, not IIS. I've read the Q&A on this topic and even put in the check for the exception (IsMaxRequestExceededEexception) in the application global handler. This was referenced in another StackOverflow thread about this topic. Anyone had anything similar, have any ideas?
Thanks,
Bob

Not come accross this myself with the built in server, however you could try increasing the time out too in the web.config file.
<httpRuntime executionTimeout="****" maxRequestLength="****" />

Figured out my problem. I put the entry into the wrong web.config file -- I have two web apps in the same VS solution. doh!

Http uploads are notoriously unreliable. You should look into some other options that utilize Flash or Silverlight for file uploads.

Related

Is there anything wrong with modifying the web.config file dynamically

I read this article. I was planning on creating a setup page that runs and allows the user to change the sql connection strings which is stored in the web.config file. With some changes this may help in deployment or even development. My question is is it possible to change the connection string in the web.config file based on user input and is this advisable. N.B The connection string must be contained in the web.config
THank you
You may find helpful this blogpost on this topic.
hmmmm. Changing the web.config file would cause the app to restart. At least that's what would normally happen and from my understanding of the dependencies involved would happen if you did it from code.
That might be acceptable to you though & it is the best way to do it if the restart is acceptable.
Simon
It's possible to modify web.config based upon user input. It's just an XML file.
We do this as part of a custom action in an installer (MSI).
Modifying a web.config will cause the application pool to recycle though. Depending on your site, this (recycling) may or may not be a big deal.

Global.asax not firing for .aspx pages in IIS7

We run a link redirection service which can handle links thrown at it in various formats. One of these formats is to append the destination URL to the end of the link, for example
http://url.fwd/abcd/http://www.mydomain.com/page.aspx
This was working on a Windows Server 2003 / IIS6 box for the last two years, but now we're trying to move to a Windows Server 2008 / IIS7 setup and its not working anymore.
I've read about the problem with colons in the URL but it doesn't affect pages not ending in '.aspx'. For instance,
http://url.fwd/abcd/http://www.mydomain.com/page.php
would redirect fine.
http://url.fwd/abcd/http//www.mydomain.com/page.aspx
also works fine (note the lack of a second colon). Despite being the wrong URL, it does get handled by our URL forwarding system, which uses a custom 404 page. On the old system, we had a similar problem, so a method was written in Global.asax > Application_Error specifically to handle the '.aspx' case, and it worked fine.
On our new server, the Application_Error never gets thrown in Global.asax. Instead, I get a System.NotSupportedException - "The given path's format is not supported". This System.NotSupportedException is the exact case we handle in the Global.asax page, so it's definitely not being fired.
I've changed the registry keys indicated in several forum posts,
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ASP.NET VerificationCompatibility=1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\HTTP|Parameters AllowRestrictedChars=1
I've tried changing the Handler Mappings settings for .aspx.
I've tried setting the App pool to use classic mode instead of integrated, but this causes a completely different error where static content such as images and CSS do not display at all. I've checked that static content is enabled in the windows features, and it is.
Under classic mode, the '.aspx' request throws two Bad Request errors with absolutely no information whatsoever. The code of the error page I get is literally
Bad Request<html><body>Bad Request</body></html>
UPDATE: I've changed the static file Handler Mapping to the form found in this page
http://improve.dk/blog/2006/12/11/making-url-rewriting-on-iis7-work-like-iis6
However, as the author rightly points out, this is a hack and not the correct way of doing things under IIS7. It also only fixes the static file problem in classic mode. '.aspx' pages still throw an error under classic mode.
Any thoughts or input would be greatly appreciated at this point.
IIS 7 Solution
The easy solution in IIS 7 is to add a setting in your web.config file to tell IIS to process all requests through your Global.asax events. Just add or change this section in your web.config to enable requests:
<system.webServer>
<modules runAllManagedModulesForAllRequests="true" />
</system.webServer>
In my case, I was publish my site in production and I miss copy to server App_global.asax.compiled file. For this reason was not fire the Events inside Global.asax.
Hope anyelse help this tips, I lost 8 hours seeking.

What is max file upload size in IIS6.0? and how do we overcome that?

In my application, I would like to upload files of size more than 3GB. I increased max file request timeout as high as possible.
But it is not even posting the page to the server when I select a 3GB file.
My web site configuration:
Asp.Net 3.5
IIS 6.0
Is it possible with the above configuration? If not what is the reason, and how do I resolve this?
I'd probably go with a FTP approach. Using FTPWebRequest - try Google for sample code.
You'll need to adjust both the timeout and request length in your web.config appropriately:
<system.web>
<httpRuntime maxRequestLength="102400" executionTimeout="360"/>
</system.web>
Of course keep in mind, a 3Gb file is going to require a lot of patience. In reality, I suggest investigating alternatives - HTTP post is not going to be pretty with files of this size.
One possibility: http://www.banmanpro.com/support2/File_Upload_limits.asp
Unfortunately adjusting the timeout and request length is not going to work. Your web server will run out of memory before the upload completes.
What you need is a file upload control that will break your upload into smaller chunks, so that you don't use all of the server's memory to hold the file while it is uploading.
One of the better file upload controls available is Darren Johnstone's ASP.NET File Upload control. This free control is a drop-in replacement for the standard ASP.NET file upload component, and is specifically designed to handle large files. It even includes a progress bar that doesn't require Flash.
Complete documentation and installation instructions are here:
http://darrenjohnstone.net/aspnet-file-uploaddownload-module-v2-documentation/
The control (and source code) can be downloaded here:
http://darrenjohnstone.net/downloads/

Uploading photos - How can I keep our website safe/stable

My website would like users to upload their photos...but how do I keep our server safe from harm? Allowing only JPGs should avoid virus trouble, but what if someone selects a 10Gb file - will that slow the whole website down?
We're using Classic ASP and IIS6 (sorry, but that's how it is, can't change that!). Previously we have used a DLL from a company called Persits to handle uploads. However, it would be helpful to other people if we extend this discussion to other languages/technologies too.
ASPs cannot detect the size of a file until it has finished uploading, so thats a pain. Or can I check content-length in the HTTP header before I start the transfer?
Q1. Are there any other ways someone could abuse the upload facility?
Q2. How can I limit the danger to keep the site running and the server safe?
Thank you.
In Persists, you can set the maximum filesize a user can upload:
Upload.SetMaxSize 100000, True
The "True" above shows that the file is to be rejected if over the Max size. If set to False then the file will be trucated.
See http://www.aspupload.com/object_upload.html#SetMaxSize
If you were using ASP.Net you can specify a maximum size of file in web.config (or machine.config), and ASP.Net will throw an error after the size is exceeded in the upload. That is to say, if you specify a limit of 4Mb, and someome tries to upload a 100Mb, .Net will complain as soon as it has uploaded more than 4Mb.
The property in question is maxRequestLength, which accorsing to MSDN "Specifies the limit for the input stream buffering threshold, in KB. This limit can be used to prevent denial of service attacks that are caused, for example, by users posting large files to the server."
For example.
<configuration>
<system.web>
<httpRuntime maxRequestLength="4000" ....
I am not sure if there is an equivalent in classic ASP though.
There is a great component that uses Flash to upload files. Check it out
http://www.codeproject.com/KB/aspnet/FlashUpload.aspx
This appears to enforce file upload size: http://www.aspupload.com/
I am not sure how it handles it.
I've just found an article on how to limit size using a setting called 'AspMaxRequestEntityAllowed' in IIS:
http://www.banmanpro.com/support2/File_Upload_limits.asp
However, it doesn't work - my server already has that setting at 200k and yet we are currently uploading 1Mb files ok!
You can reject the oversized requests at the IIS level before they even get to your application by using Microsoft's UrlScan tool: http://technet.microsoft.com/en-us/security/cc242650.aspx
For IIS 6, it looks like you may not even need that. You should be able to set the MaxRequestEntityAllowed and ASPMaxRequestEntityAllowed metabase properties to your desired maximum value and the requests will be cut off at that point.

How do I configure IIS to handle really large file uploads?

Platform: IIS 6, ASP.Net 2.0 (.Net 3.5), Server 2003.
I'm building an application that accepts files from a user, processes them, and returns a result. The file is uploaded using HTTP POST to an ASP.Net web form. The application is expecting some large files (hundreds of MB).
I'm using SWFUpload to accomplish the upload with a nice progress bar, but that's not contributing to the issue, because when I bypass it using a standard HTML form pointing at my upload accepter page, I get the exact same error. When using the progress bar, the upload continues to 100%, then fails. With a standard form, the behavior appears to be the same.
I'm having a problem right now uploading a file that's about 150MB. I've changed every settings I can find, but still no luck.
Here's a summary of what I've changed so far:
In Web.config:
Added this inside system.web:
<httpRuntime executionTimeout="3600" maxRequestLength="1536000"/>
In machine.config:
Inside system.web, changed:
<processModel autoConfig="true" />
to:
<processModel autoConfig="true" responseDeadlockInterval="00:30:00" responseRestartDeadlockInterval="00:30:00" />
and in MetaBase.xml:
Changed:
AspMaxRequestEntityAllowed="204800"
to:
AspMaxRequestEntityAllowed="200000000"
When the upload fails, I get a 404 error from IIS. My web form does not begin processing, or at least, it doesn't make it to the Page_Load event. I threw an exception at the beginning of that handler, and it doesn't execute at all on large files.
Everything works fine with smaller files (I've tested up to about 5.5MB). I'm not exactly sure what file size is the limit, but I know that my limit needs to be higher than 150MB, since this is not the largest file that the client will need to upload.
Can anyone help?
Urlscan was active on all websites, and has it's own request entity length limit. I wasn't aware that Urlscan was running on our server because it was a global ISAPI filter, not running on my individual website.
Note: to locate global ISAPI filters, right click on the Web Sites folder in IIS Admin and click Properties, then on the ISAPI Filters tab.
(A note for googlers):
For IIS7 add below to web.config (I added above <system.serviceModel>):
<system.webServer>
<security>
<requestFiltering><requestLimits maxAllowedContentLength="262144000" /></requestFiltering> <!-- maxAllowedContentLength is in bytes. Defaults to 30,000,000 -->
</security>
</system.webServer>
When we ran into this issue we had to increase the buffer size limit according to this KB article:
http://support.microsoft.com/kb/944886/en-us
I know this mentions ASP, but I believe it worked for ASP.NET as well.
Edit: Here is a link that might be more relevant to your issue and provide other options:
http://weblogs.asp.net/jgalloway/archive/2008/01/08/large-file-uploads-in-asp-net.aspx
404 and missing Page_Load: IIS can only process the request once the complete POST is on the server. Therefore, if the POST fails (due to its size), it cannot fire the page's events.
You might try NeatUpload http://www.brettle.com/neatupload.
From the Manual: "By default, NeatUpload does not directly limit the size of uploads."
You can also try Velodoc XP Edition which has several advantages over NeatUpload including the fact that it uses ASP.NET Ajax extensions. See also the Velodoc web site for more information.
You say:
But 1536000 is only 1.5MB?

Resources