Request Entity Too Large (Http Error 413) and SSL Client Authentication The reason behind such a behaviour is that, according to microsoft technet, if a client sends a long HTTP request (for example, a POST request) the IIS worker process might receive enough data to parse request headers, but not receive the entire request entity body. When the IIS worker process detects that client certificates are required to return data to the client, IIS attempts to renegotiate the client connection. However, the client cannot renegotiate the connection because it is waiting to send the remaining request data to IIS. If client renegotiation is requested, the request entity body must be preloaded using SSL preload. SSL preload will use the value of the UploadReadAheadSize metabase property, which is used for ISAPI extensions. However, if UploadReadAheadSize is smaller than the content length, an HTTP 413 error is returned, and the connection is closed to prevent deadlock. (Deadlock occurs because a client is waiting to complete sending a request entity, while the server is waiting for renegotiation to complete, but renegotiation requires that the client to be able to send data, which it cannot do). The solution is to ensure that client is not blocked from sending the entire entity body. To do so, change the value of UploadReadAheadSize (by default 48Kb) to a value larger than the content length. A way of realizing this solution is to edit applicationHost.config under SYSTEMDRIVE:\Windows\System32\inetsrv\config\ And add the lines in bold to the section <system.webServer> within the section <location > of your WebSite. <location path="SiteName"> <system.webServer> <security> <access sslFlags="Ssl, SslNegotiateCert, SslRequireCert, Ssl128" /> <authentication> <anonymousAuthentication enabled="false" /> </authentication> </security> <asp /> <serverRuntime uploadReadAheadSize="1048576" /> </system.webServer> </location> Be aware, though, that uploadReadAheadSize is set to 48Kb to prevent denial of service attacks. Another aproach modifying the web.config: <system.web> <httpRuntime executionTimeout="200" maxRequestLength="12000" /> ... where maxRequestLength is in KB and executionTimeout in seconds. https://msdn.microsoft.com/es-es/library/e1f13641(v=vs.85).aspx ASP.Net Shows Error 500 No Matter What You Do (Normally at first Installation) Possible solutions:
ASP.NET Routing Not Working on IIS 7.0 ASP.NET routing does not work on IIS 7.0. The solution is to add runAllManagedModulesForAllRequests="true". Detailed explanation here. <system.webServer> <modules runAllManagedModulesForAllRequests="true"> </modules> </system.webServer> |
tips (en) >