File upload size issue in asp.net - c#

I am getting error on file upload in asp.net and the file size is 780kb but it is uploading 147 bytes successfully
i did set this in web.config file but still getting error any idea why?
<system.web>
<compilation debug="true" targetFramework="4.0" />
<httpRuntime maxRequestLength="1000000" executionTimeout="360"/>
<!--<httpRuntime maxRequestLength="10000" requestValidationMode="2.0" executionTimeout="360"/>-->
</system.web>

It doesn't appear to be related to the file size - you would get a different error code. HTTP 400 usually indicates some problem in the request header. Do a Fiddler capture of the transaction to see what is actually being sent.

There could be another web.config on AdminPanel level that overrides the site level setting.
Another option: upload could be done with Base64 encoding that makes data about 1.4 times bigger than file size (+ headers of the request). Make sure to set restriction accordingly.

Write the code as follows in web.config:
<configuration>
<system.web>
<httpRuntime maxRequestLength="600000" />
</system.web>
</configuration>

Related

A potentially dangerous Request.Path value was detected from the client (<)

I first searched for this issue on stack & some other sites & implemented solution in web.config file but still getting the error..
My web.config
<system.web>
<compilation debug="true" strict="false" explicit="true" targetFramework="4.5.2"/>
<httpRuntime requestPathInvalidCharacters="<,>,*,%,&,:,\,?" targetFramework="4.5.2" requestValidationMode="2.0"/>
<customErrors mode="Off"/>
<trust level="Full"/>
<pages validateRequest="false">
<namespaces>
<add namespace="System.Runtime.Serialization"/>
<add namespace="System.ServiceModel"/>
<add namespace="System.ServiceModel.Web"/>
</namespaces>
</pages>
</system.web>
I am trying to get Iframe source values from my db table. It's google map I want to include in my page..
This error signals that you are issuing web request with '<' character, and Asp.Net has some prevention against using potentially malicious characters. You should probably set
<system.web><httpRuntime requestPathInvalidCharacters="" /><pages validateRequest="false" /></system.web>
See also http://www.christophercrooker.com/use-any-characters-you-want-in-your-urls-with-aspnet-4-and-iis
But keep in mind that you are switching off functionality that exists to make it harder for attackers to break your web application. So, if I were you, I would first think if I can change the app to not use forbidden chars in URLs

issue related to Max File size of Fileupload control

I have deployed my Website on Windows Server 2007. in IIS
I have added asp:FileUpload control
i have set <httpRuntime maxRequestLength="60000"/> under the <system.web> in my Web.Config file
but website doesn't allowed to Save the the file of maxlength as specified in web.config file.
how can i do this?
Thanks..
I think you need to use the following in the web.config file.
<configuration>
<system.webServer>
<security>
<requestFiltering>
<requestLimits maxAllowedContentLength="60000" />
</requestFiltering>
</security>
</system.webServer>
</configuration>
In addition to #Maarten answer which is right.
The problem is IIS 7 or greater have default allowed value of maxAllowedContentLength is 30000000 Byte, So if you try to upload a file greater then this limits it will display Request filtering module is configured to deny a request that exceeds the request content length Issue error.
For a demo of this error which this link

IIS7 - Webrequest failing with a 404.13 when the size of the request params exceeds 30mb

I have a simple webmethod
[WebMethod]
public int myWebMethod(string fileName, Byte[] fileContent)
However, whenever I pass a byte array which is larger than 30mb, I get the error:
HTTP Error 404.13 - Not Found
The request filtering module is configured to deny a request that exceeds the request content length.
My web.config is as follows:
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.0"> </compilation>
<authentication mode="Windows" />
<httpRuntime useFullyQualifiedRedirectUrl="true"
maxRequestLength="102400" requestLengthDiskThreshold="102400"
/>
<pages controlRenderingCompatibilityVersion="3.5" clientIDMode="AutoID" />
</system.web>
<system.webServer>
<security>
<requestFiltering>
<requestLimits maxAllowedContentLength="104857600"/>
</requestFiltering>
</security>
</system.webServer>
</configuration>
I've searched around, and the most common cause of this problem is the maxAllowedContentLength property being 30mb by default. However, I have set this to be 100mb, as well as the maxRequestLength property for httpRuntime.
I can't find a solution anywhere which isn't setting one of the properties I've already tried above. Is there something I have missed?
You problem may lie in the fact that settings made in the web.config file may be superseded by corresponding settings present in both the applicationhost.config and machine.config files.
If you have access to these, check if the overrideModeDefault property of the corresponding sections are set to Allow, as in the following example:
machine.config
<requestFiltering overrideModeDefault="Allow">
<requestLimits maxAllowedContentLength="104857600"/>
</requestFiltering>
AFAIK there is no way to override these settings if you don't have access to the corresponding configuration file.
You may find more information about system-wide configuration and settings override here, here and here - and a very similar case here.
This is pretty old. But I have the same problem today. To fix this, you need to make the necessary setting changes in web.config, then deploy to the web server. The important part is that you need to re-deploy your application to the web server. By doing so, the IIS settings are updated for you. Depending on how you do your deployment, you may need to delete your web application from the web server first, then deploy again. Updating web.config in place won't fix the problem. Hope this helps others with the same problem.

blank asp.net site shows web.config error when i try to access it

I have created a blank asp.net website consisting of a blank default.aspx page, its .cs file, a login.aspx page and its .cs and a web.config. I'm looking to test .net authentication as seen in here on the MSDN site. I've copied everything as shown in the article. I set up the site in IIS6 now when I go to the site I get the runtime error with the:
"To enable the details of this specific error message to be viewable on remote machines, please create a tag within a "web.config" configuration file located in the root directory of the current web application. This tag should then have its "mode" attribute set to "Off"."
message. when I add the customErrors mode="On" tag to the web.config I still get this error like its not looking at the web.config. I've triple checked IIS and its definitely looking at the right site folder. Here's my web.config:
<?xml version="1.0"?>
<configuration>
<system.web>
<customErrors mode="On"/>
<authentication mode="Forms">
<forms loginUrl="Logon.aspx" name=".ASPXFORMSAUTH">
</forms>
</authentication>
<authorization>
<deny users="?" />
</authorization>
<compilation debug="false" targetFramework="4.0" />
</system.web>
</configuration>
I usually set sites up through CMS installations. This is the first time I've done one from a blank site in visual studio. Is there more you need to add to web.config?
set
<customErrors mode="Off"/>
to see the actual error.
You need to set
Not "On" to see the actual error with stacktrace.

How to increase the max upload file size in ASP.NET?

I have a form that excepts a file upload in ASP.NET. I need to increase the max upload size to above the 4 MB default.
I have found in certain places referencing the below code at msdn.
[ConfigurationPropertyAttribute("maxRequestLength", DefaultValue = )]
None of the references actually describe how to use it, and I have tried several things with no success. I only want to modify this attribute for certain pages that are asking for file upload.
Is this the correct route to take? And how do I use this?
This setting goes in your web.config file. It affects the entire application, though... I don't think you can set it per page.
<configuration>
<system.web>
<httpRuntime maxRequestLength="xxx" />
</system.web>
</configuration>
"xxx" is in KB. The default is 4096 (= 4 MB).
For IIS 7+, as well as adding the httpRuntime maxRequestLength setting you also need to add:
<system.webServer>
<security>
<requestFiltering>
<requestLimits maxAllowedContentLength="52428800" /> <!--50MB-->
</requestFiltering>
</security>
</system.webServer>
Or in IIS (7):
Select the website you want enable to accept large file uploads.
In the main window double click 'Request filtering'
Select "Edit Feature Settings"
Modify the "Maximum allowed content length (bytes)"
To increase uploading file's size limit we have two ways
1.
IIS6 or lower
By default, in ASP.Net the maximum size of a file to be uploaded to the server is
around 4MB. This value can be increased by modifying the
maxRequestLength attribute in web.config.
Remember : maxRequestLenght is in KB
Example: if you want to restrict uploads to 15MB, set maxRequestLength to “15360” (15 x 1024).
<system.web>
<!-- maxRequestLength for asp.net, in KB -->
<httpRuntime maxRequestLength="15360" ></httpRuntime>
</system.web>
2.
IIS7 or higher
A slight different way used here to upload files.IIS7 has
introduced request filtering module.Which executed before
ASP.Net.Means the way pipeline works is that the IIS
value(maxAllowedContentLength) checked first then ASP.NET
value(maxRequestLength) is checked.The maxAllowedContentLength
attribute defaults to 28.61 MB.This value can be increased by
modifying both attribute in same web.config.
Remember : maxAllowedContentLength is in bytes
Example : if you want to restrict uploads to 15MB, set maxRequestLength to “15360” and maxAllowedContentLength to "15728640" (15 x 1024 x 1024).
<system.web>
<!-- maxRequestLength for asp.net, in KB -->
<httpRuntime maxRequestLength="15360" ></httpRuntime>
</system.web>
<system.webServer>
<security>
<requestFiltering>
<!-- maxAllowedContentLength, for IIS, in bytes -->
<requestLimits maxAllowedContentLength="15728640" ></requestLimits>
</requestFiltering>
</security>
</system.webServer>
MSDN Reference link : https://msdn.microsoft.com/en-us/library/e1f13641(VS.80).aspx
for a 2 GB max limit, on your application web.config:
<system.web>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" maxRequestLength="2147483647" executionTimeout="1600" requestLengthDiskThreshold="2147483647" />
</system.web>
<system.webServer>
<security>
<requestFiltering>
<requestLimits maxAllowedContentLength="2147483647" />
</requestFiltering>
</security>
</system.webServer>
I believe this line in the Web.config will set the max upload size:
<system.web>
<httpRuntime maxRequestLength="600000"/>
</system.web>
If its windows 2003 / IIS 6.0 then check out AspMaxRequestEntityAllowed = "204800" in the file metabase.xml located in folder C:\windows\system32\inetsrv\
The default value of "204800" (~205Kb) is in my opinion too low for most users. Just change the value to what you think should be max.
If you cant save the file after editing it you have to either stop the ISS-server or enable the server to allow editing of the file:
(source: itmaskinen.se)
Edit: I did not read the question correct (how to set the maxrequest in webconfig). But this informatin may be of interrest for other people, many people who move their sites from win2000-server to win2003 and had a working upload-function and suddenly got the Request.BinaryRead Failed error will have use of it. So I leave the answer here.
I've the same problem in a win 2008 IIS server, I've solved the problem adding this configuration in the web.config:
<system.web>
<httpRuntime executionTimeout="3600" maxRequestLength="102400"
appRequestQueueLimit="100" requestValidationMode="2.0"
requestLengthDiskThreshold="10024000"/>
</system.web>
The requestLengthDiskThreshold by default is 80000 bytes so it's too small for my application. requestLengthDiskThreshold is measured in bytes and maxRequestLength is expressed in Kbytes.
The problem is present if the application is using a System.Web.UI.HtmlControls.HtmlInputFile server component. Increasing the requestLengthDiskThreshold is necessary to solve it.
Max file size can be restricted to a single MVC Controller or even to an Action.
web.config <location> tag can be used for this:
<location path="YourAreaName/YourControllerName>/YourActionName>">
<system.web>
<!-- 15MB maxRequestLength for asp.net, in KB 15360 -->
<httpRuntime maxRequestLength="15360" />
</system.web>
<system.webServer>
<security>
<requestFiltering>
<!-- 15MB maxAllowedContentLength, for IIS, in bytes 15728640 -->
<requestLimits maxAllowedContentLength="15728640" />
</requestFiltering>
</security>
</system.webServer>
</location>
Or you can add these entries in area's own web.config.
I know it is an old question.
So this is what you have to do:
In you web.config file, add this in <system.web>:
<!-- 3GB Files / in kilobyte (3072*1024) -->
<httpRuntime targetFramework="4.5" maxRequestLength="3145728"/>
and this under <system.webServer>:
<security>
<requestFiltering>
<!-- 3GB Files / in byte (3072*1024*1024) -->
<requestLimits maxAllowedContentLength="3221225472" />
</requestFiltering>
</security>
You see in the comment how this works. In one you need to have the sie in bytes and in the other one in kilobytes. Hope that helps.
If you are using Framework 4.6
<httpRuntime targetFramework="4.6.1" requestValidationMode="2.0" maxRequestLength="10485760" />
You can write that block of code in your application web.config file.
<httpRuntime maxRequestLength="2048576000" />
<sessionState timeout="3600" />
By writing that code you can upload a larger file than now
If you use sharepoint you should configure max size with Administrative Tools too:
kb925083
I have a blog post on how to increase the file size for asp upload control.
From the post:
By default, the FileUpload control allows a maximum of 4MB file to be uploaded and the execution
timeout is 110 seconds. These properties can be changed from within the web.config file’s httpRuntime section. The maxRequestLength property determines the maximum file size that can be uploaded. The
executionTimeout property determines the maximum time for execution.
If it works in your local machine and does not work after deployment in IIS (i used Windows Server 2008 R2) i have a solution.
Open IIS (inetmgr)
Go to your website
At right hand side go to Content (Request Filtering)
Go to Edit Feature Settings
Change maximum content size as (Bytes you required)
This will work.
You can also take help from following thread
http://www.iis.net/configreference/system.webserver/security/requestfiltering/requestlimits

Categories

Resources