IIS Express Asp.Net long URL returns 400 Bad Request

1
votes

Update:

The stack trace was due to a proxy where the correct Web.Config was not altered. However creating a new project -> ASP.NET Web Application (.NET Framework) using .NET Framework 4.6.1 the exact same bad request error is present. Even after updating Web.config with the following values:

<system.web>
  <authentication mode="None"/>
  <httpRuntime targetFramework="4.6.1" maxUrlLength="2048" maxQueryStringLength="32768" relaxedUrlToFileSystemMapping="true" />
</system.web>
...
<system.webServer>
  <security>
    <requestFiltering allowDoubleEscaping="true">
      <requestLimits maxQueryString="32768" maxAllowedContentLength="32768" />
    </requestFiltering>
  </security>
</system.webServer>

Original:

I'm having a weird problem.

The following URL with 203 characters works:

https://localhost:44369/api/Account/testReset/AQAAANCMnd8BFdERjHoAwE12fCl12bsBAAAA9B6VBWG0rESm48zX3kvFAgAAAAACAAAAAAAQZgAAAAEAACAAAABrejIuYGBxLG912bGeknd3Iww12b9dhdzE99tfhdGW1FPbmQAAAAAOgAAAAAIAACAAAAAWg

The following URL with 303 characters gives a stack trace error:

https://localhost:44369/api/Account/testReset/AQAAANCMnd8BFdERjHoAwE12fCl12bsBAAAA9B6VBWG0rESm48zX3kvFAgAAAAACAAAAAAAQZgAAAAEAACAAAABrejIuYGBxLG912bGeknd3Iww12b9dhdzE99tfhdGW1FPbmQAAAAAOgAAAAAIAACAAAAAWgI6mOVdROCbpPBF71QQsivA1VaIPJuALkCN4A5kFUEAAAAAa905JtNQkjp1KFUZJks6PuShgpYDv4nQvTAJTYnzxJu5BvT3AdB12b

The length of the URL for this request exceeds the configured maxUrlLength value.

Exception Details: System.Web.HttpException: The length of the URL for this request exceeds the configured maxUrlLength value.

[HttpException (0x80004005): The length of the URL for this request exceeds the configured maxUrlLength value.]
System.Web.HttpRequest.ValidateInputIfRequiredByConfig() +9939787
System.Web.PipelineStepManager.ValidateHelper(HttpContext context) +53

enter image description here

This URL with 403 characters gives me 400 Bad Request page:

https://localhost:44369/api/Account/testReset/AQAAANCMnd8BFdERjHoAwE12fCl12bsBAAAA9B6VBWG0rESm48zX3kvFAgAAAAACAAAAAAAQZgAAAAEAACAAAABrejIuYGBxLG912bGeknd3Iww12b9dhdzE99tfhdGW1FPbmQAAAAAOgAAAAAIAACAAAAAWgI6mOVdROCbpPBF71QQsivA1VaIPJuALkCN4A5kFUEAAAAAa905JtNQkjp1KFUZJks6PuShgpYDv4nQvTAJTYnzxJu5BvT3AdB12bIobF0DrIjWDgzrTa7ddaOLWfekVuEvEZJQAAAAN9tYCLKXD6Z1BembCCgBa7XkUhs0aOsLj0euwKYaR12b799hD812bO1pMsKXwl

enter image description here

The question is two parts: Why do I receive different errors and what can I do to fix it? I know I can send the request with ?token= with route [Route("testReset")] to get it to work but this is about setting the URL length.

Code:

[HttpGet]
[AllowAnonymous]
[Route("testReset/{token}")]
public IHttpActionResult Test(string token)
{
    return Ok();
}

Web.config:

<system.web>
  <httpRuntime targetFramework="4.5.2" maxUrlLength="2048" maxQueryStringLength="32768" relaxedUrlToFileSystemMapping="true" />
</system.web>

<system.webServer>
  <security>
    <requestFiltering allowDoubleEscaping="true">
      <requestLimits maxQueryString="32768" />
    </requestFiltering>
  </security>
</system.webServer>

From this thread:

How do I increase the maxUrlLength property in the config in asp.net MVC 3?

2
c#asp.netiisiis-express
Check if you modified the correct web.config file, as the source code won't lie, referencesource.microsoft.com/#System.Web/HttpRequest.cs,2618Lex Li
@LexLi Updated the question. Indeed the stack trace was due to this but the Bad Request is still there.Ogglas

2 Answers

1
votes

On Web.config under system webserver tag u have to add this : 

 <security>
<requestFiltering>
  <requestLimits maxAllowedContentLength="1073741824" />
</requestFiltering>

0
votes

For me the reason of the same problem was default value of UrlSegmentMaxLength=260 (see https://docs.microsoft.com/en-us/troubleshoot/iis/httpsys-registry-windows)