Request Entity Too Large (HTTP Error 413) and SSL Client Authentication

If client certificates are enabled on a Web site, clients might see an HTTP 413 error when uploading large files. For instance, this happened to me after selecting a row of an ASP GridView with many rows. This selection should have triggered a postback. Instead I got an HTTP 413 error.

The reason behind this behaviour is that, according to Microsoft TechNet, if a client sends a long HTTP request (for example, a POST request), the IIS worker process might receive enough data to parse the request headers, but not receive the entire request entity body. When the IIS worker process detects that client certificates are required to return data to the client, IIS attempts to renegotiate the client connection. However, the client cannot renegotiate the connection because it is waiting to send the remaining request data to IIS. If client renegotiation is requested, the request entity body must be preloaded using SSL preload. SSL preload will use the value of the UploadReadAheadSize metabase property, which is used for ISAPI extensions. However, if UploadReadAheadSize is smaller than the content length, an HTTP 413 error is returned, and the connection is closed to prevent deadlock. (Deadlock occurs because the client is waiting to finish sending a request entity, while the server is waiting for renegotiation to complete, but renegotiation requires that the client be able to send data, which it cannot do.)

The solution is to ensure that the client is not blocked from sending the entire entity body. To do so, change the value of UploadReadAheadSize (by default 48Kb) to a value larger than the content length. One way to do this is to edit applicationHost.config under SYSTEMDRIVE:\Windows\System32\inetsrv\config\

Then add the <serverRuntime> line to the <system.webServer> section within the <location> section of your web site:

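<location path="SiteName">
  <system.webServer>
    <security>
      <!-- client certificate negotiated and required on this site -->
      <access sslFlags="Ssl, SslNegotiateCert, SslRequireCert, Ssl128" />
      <authentication>
        <anonymousAuthentication enabled="false" />
      </authentication>
    </security>
    <asp />
    <!-- SSL preload buffer in bytes (1048576 = 1 MB) -->
    <serverRuntime uploadReadAheadSize="1048576" />
  </system.webServer>
</location>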



Be aware, though, that uploadReadAheadSize is set to 48Kb to prevent denial of service attacks.
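The trade-off above can be checked per site. The following is an added example, not part of the original post: it reads <location> blocks, finds those that negotiate or require client certificates, and reports whether uploadReadAheadSize is too small for the largest expected request body or larger than a chosen cap. The sample XML is constructed, largest_body and read_ahead_cap are hypothetical policy inputs, and inheritance from parent or global sections is ignored.

```python
import xml.etree.ElementTree as ET

DEFAULT_READ_AHEAD = 49152  # IIS default uploadReadAheadSize (48 KB), in bytes

# Constructed sample: three <location> blocks in the shape used by applicationHost.config.
SAMPLE = """<configuration>
  <location path="SiteName">
    <system.webServer>
      <security><access sslFlags="Ssl, SslNegotiateCert, SslRequireCert, Ssl128" /></security>
      <serverRuntime uploadReadAheadSize="1048576" />
    </system.webServer>
  </location>
  <location path="Uploads">
    <system.webServer>
      <security><access sslFlags="Ssl, SslNegotiateCert" /></security>
    </system.webServer>
  </location>
  <location path="Public">
    <system.webServer>
      <security><access sslFlags="Ssl" /></security>
    </system.webServer>
  </location>
</configuration>"""

def audit(config_xml, largest_body, read_ahead_cap):
    """Map each client-certificate location to '413-risk', 'over-cap' or 'ok' (sizes in bytes)."""
    findings = {}
    for loc in ET.fromstring(config_xml).iter("location"):
        access = loc.find("system.webServer/security/access")
        raw = access.get("sslFlags", "") if access is not None else ""
        flags = {f.strip().lower() for f in raw.split(",")}
        if not flags & {"sslnegotiatecert", "sslrequirecert"}:
            continue  # no client-certificate renegotiation, so no SSL preload
        runtime = loc.find("system.webServer/serverRuntime")
        size = DEFAULT_READ_AHEAD
        if runtime is not None:
            size = int(runtime.get("uploadReadAheadSize", DEFAULT_READ_AHEAD))
        if size < largest_body:
            findings[loc.get("path")] = "413-risk"  # body does not fit the preload buffer
        elif size > read_ahead_cap:
            findings[loc.get("path")] = "over-cap"  # buffer raised past the chosen limit
        else:
            findings[loc.get("path")] = "ok"
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE, largest_body=200_000, read_ahead_cap=512 * 1024))
```

Sites flagged "over-cap" are the ones where the 413 fix has widened the per-connection buffer the default was meant to limit.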

Another approach is to modify the web.config:


<httpRuntime executionTimeout="200" maxRequestLength="12000" />


where maxRequestLength is in KB and executionTimeout in seconds. https://msdn.microsoft.com/es-es/library/e1f13641(v=vs.85).aspx

ASP.Net Shows Error 500 No Matter What You Do (Normally at first Installation)

Possible solutions:

    1. Change the identity of the application pool to one with sufficient privileges.

    2. Make sure the correct ASP.NET version is installed on IIS.

ASP.NET Routing Not Working on IIS 7.0

ASP.NET routing does not work on IIS 7.0. The solution is to add runAllManagedModulesForAllRequests="true". Detailed explanation here.

<system.webServer>
  <modules runAllManagedModulesForAllRequests="true">
  </modules>
</system.webServer>

Serving .cer Files

Disable the ISAPI module through the "Handler Mappings" settings in IIS Manager:

  1. Select the target web site in the left pane of the IIS Manager,

  2. Double Click the "Handler Mappings" icon in the "IIS" section.

  3. Delete the setting named "SecurityCertificate"

Add the MIME type for *.cer files:

  1. Select the target web site in the left pane of IIS Manager,

  2. Select "MIME Types" in the "IIS" section,

  3. Add the MIME Type "application/pkix-cert" or "application/x-x509-ca-cert" for the extension ".cer".