Remove response Server header on Azure Web App from the first redirect request to HTTPS - asp.net-core

I’m trying to remove the response Server header from an Azure Web App (with an ASP.NET Core application).
After many tries of changing the web.config and removing the header in app code using a middleware, Microsoft doesn’t give up and sets the response header to Server: Microsoft-IIS/10.0 :)
The problem appears only when I’m trying to access the server on http (not https). Response code from the server is 301, and this is the only response that has the Server header.
Checking the logs I was not able to find any request to http://, and perhaps this is why I’m not able to remove the header, because the request is not processed in my application code.
A solution that I’m thinking of is to disable the Azure HTTPS Only option and do the redirect to https in my code (I tested it and it is working - the server header is removed).
Is there another workaround without disabling the HTTPS only option?
Here is what I tried
Startup.cs
public void Configure(IApplicationBuilder app)
{
    // Attempt to blank the Server header on every response the app produces.
    app.Use(async (context, next) =>
    {
        context.Response.Headers.Add("server", string.Empty);
        await next();
    });
    app.UseHttpsRedirection();
}
web.config
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.web>
<httpRuntime enableVersionHeader="false" />
<!-- Removes ASP.NET version header. -->
</system.web>
<system.webServer>
<httpProtocol>
<customHeaders>
<remove name="Server" />
<remove name="X-Powered-By" />
</customHeaders>
<redirectHeaders>
<clear />
</redirectHeaders>
</httpProtocol>
<security>
<requestFiltering removeServerHeader="true" />
<!-- Removes Server header in IIS10 or later and also in Azure Web Apps -->
</security>
<rewrite>
<outboundRules>
<rule name="Change Server Header"> <!-- if you're not removing it completely -->
<match serverVariable="RESPONSE_Server" pattern=".+" />
<action type="Rewrite" value="Unknown" />
</rule>
</outboundRules>
</rewrite>
</system.webServer>
</configuration>

UPDATE
When the URL of http:// is requested, IIS will process it, this time without code. So we can't control it by the code, we can only set it on the server, such as some scripts or tools. But on Azure, we have no way to directly operate as a physical server, so after exploration, I suggest that Front Door can be used to deal with this problem. Hiding server information through proxy should be a better way.
After my test, the server information is hidden; you can refer to this document. We can see from the picture that there is no 301 redirect request, and no server information in other requests.
PREVIOUS
You need to modify Global.asax.cs and Web.config file in your program.
In Global.asax.cs.
public class MvcApplication : System.Web.HttpApplication
{
protected void Application_Start()
{
AreaRegistration.RegisterAllAreas();
FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
RouteConfig.RegisterRoutes(RouteTable.Routes);
BundleConfig.RegisterBundles(BundleTable.Bundles);
MvcHandler.DisableMvcResponseHeader = true;
PreSendRequestHeaders += Application_PreSendRequestHeaders;
}
protected void Application_PreSendRequestHeaders(object sender, EventArgs e)
{
//HttpContext.Current.Response.Headers.Remove("Server");
HttpContext.Current.Response.Headers.Set("Server","N/A");
}
}
And In Web.config.
<system.webServer>
<modules runAllManagedModulesForAllRequests="true" >
</modules>
<httpProtocol>
<customHeaders>
<remove name="X-Powered-By" />
</customHeaders>
</httpProtocol>
</system.webServer>
Then you can deploy your app. After the above code modification, requests to the interface or static resources show that the server information is modified; of course, it can also be deleted with Remove.
You can also handle special events by HTTP status code.
protected void Application_PreSendRequestHeaders(object sender, EventArgs e)
{
//HttpContext.Current.Response.Headers.Remove("Server");
int StatusCode= HttpContext.Current.Response.StatusCode;
// handle like http status code 301
HttpContext.Current.Response.Headers.Set("Server","N/A");
}
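A check for the behaviour described in this thread, where only the platform-issued 301 on http:// carries the Server header: it audits every hop of a captured redirect chain rather than just the final page. This is an added example, not code from the original posts; the captured responses, the host name and the function names are constructed for illustration.

```python
# Response headers that disclose the server stack. Server and X-Powered-By are
# the ones discussed above; the two version headers are the ones switched off
# by enableVersionHeader and MvcHandler.DisableMvcResponseHeader.
DISCLOSURE_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-aspnetmvc-version")

# Constructed capture of the two hops: http:// answered with a 301 before the
# application runs, then the https:// response produced by the application.
SAMPLE_CHAIN = [
    b"HTTP/1.1 301 Moved Permanently\r\nContent-Length: 0\r\n"
    b"Location: https://app.example/\r\nServer: Microsoft-IIS/10.0\r\n\r\n",
    b"HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=utf-8\r\n\r\n<html></html>",
]


def parse_head(raw):
    """Split a raw HTTP/1.1 response into (status, [(lowercased name, value)])."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    status_line, *lines = head.split("\r\n")
    status = int(status_line.split(" ", 2)[1])
    headers = []
    for line in lines:
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip().lower(), value.strip()))
    return status, headers


def audit_chain(raw_responses):
    """Report, per hop, the status code and any disclosure headers present.

    A header sent with an empty value still counts: the name is on the wire.
    """
    report = []
    for hop, raw in enumerate(raw_responses):
        status, headers = parse_head(raw)
        leaks = {name: value for name, value in headers if name in DISCLOSURE_HEADERS}
        report.append({"hop": hop, "status": status, "leaks": leaks})
    return report


def leaking_hops(raw_responses):
    """Return (hop index, status, header names) for each hop that leaks."""
    return [(r["hop"], r["status"], sorted(r["leaks"]))
            for r in audit_chain(raw_responses) if r["leaks"]]


if __name__ == "__main__":
    for hop, status, names in leaking_hops(SAMPLE_CHAIN):
        print(f"hop {hop} (HTTP {status}) discloses: {', '.join(names)}")
```
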

Related

error 500 configuration error regarding web.config authentication section after deploying asp.net core to IIS

Framework asp.net core 2.2 -
After developing and managed to get the Windows logged in user in the local host (IIS express):
[Route("getUser")]
[HttpGet]
public IActionResult GetUser()
{
var NullUser = User.Identity.Name; //return null
var currentUser = System.Security.Principal.WindowsIdentity.GetCurrent();
return Ok(currentUser.Name);
}
and LaunchSettings.json:
"iisSettings":{
"windowsAuthentication": false,
"anonymousAuthentication": true
...
}
So far, so good !
Now - I'm publishing the application to an IIS, with the web.config:
<system.web>
<authentication mode="Windows"></authentication>
<identity impersonate="false" /> <!-- This is because I'm getting the username by code -->
</system.web>
<system.webServer>
<aspNetCore processPath=....... forwardWindowsAuthToken="true" hostingModel="InProcess">
</aspNetCore>
<security>
<authentication>
<anonymousAuthentication enabled ="false" />
<windowsAuthentication enabled ="true" />
</authentication>
</security>
</system.webServer>
These are the basic properties of the application pool which the application works with:
.NET CLR version: No Managed Code
Managed pipeline mode: Integrated
Advanced:
Process Model:
Identity: ApplicationPoolIdentity
And then, when running the application, I'm getting error 500.19 pointing on the authentication section (ignore typo errors - it is free text writing - not copy + paste):
AnonymousAuthenticationModule
Config error
This configuration section cannot be used at this path. This happens when the section is
locked at a parent level. Locking is either by default (overrideModeDefault="Deny"), or set
explicitly by a location tag with overrideMode="Deny"; or the legacy allowOverride="false"/
Config Source:
<authentication>
<anonymousAuthentication enabled ="true" />
<windowsAuthentication enabled ="true" />
I am pretty sure "anonymousAuthentication enabled" should be set to false.
https://learn.microsoft.com/en-us/iis/configuration/system.webserver/security/authentication/windowsauthentication/
As @Lex Li mentioned - the problem was configuration line items which are irrelevant to ASP.NET core, but to ASP.NET 4.5 - I removed them as he advised

How to remove "Server" from response headers [duplicate]

I have an asp .net core web api which acts as a proxy to some other asp .net core web api services.
Everything works great, except I can't get this header to stop appearing in responses:
server: Microsoft-IIS/10.0
I added this to web.config in both proxy and service projects
<system.webServer>
<httpProtocol>
<customHeaders>
<remove name="X-Powered-By" />
<remove name="Server" />
</customHeaders>
</httpProtocol>
</system.webServer>
And it seems to work for X-Powered-By, but not Server
I also tried adding
<security>
<requestFiltering removeServerHeader="true" />
</security>
Now the header reads
server: Kestrel
Does anyone know why that would be, and how I can get this to work?
This one works on IIS 10.
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<security>
<requestFiltering removeServerHeader="true" />
</security>
</system.webServer>
</configuration>
As far as I know, if you want to remove the Kestrel server header, I suggest you try the approaches below.
You could try to modify the UseKestrel setting in Program.cs:
public static IHostBuilder CreateHostBuilder(string[] args) =>
Host.CreateDefaultBuilder(args)
.ConfigureWebHostDefaults(webBuilder =>
{
webBuilder.UseStartup<Startup>();
webBuilder.UseKestrel(option => option.AddServerHeader = false);
});

.NET Core 3.0 ASP.NET Web API gets 404 on controller actions only when deployed to IIS

I have the ASP.NET Core Module V2 and all necessary software installed on the server. IIS recognizes the web site and I put a default page that shows up. The only problem is when I hit the controller/action from the root application path of the Web API app I get 404. I have tried different formats of routing, including a default .NET Core 3 app from Microsoft. Everything works on my local IIS Express but not on IIS. App pool is a .NET Core No Managed app pool. I do not have any permission issues.
My Program.cs & Web.config are below:
public class Program
{
public static void Main(string[] args)
{
CreateHostBuilder(args).Build().Run();
}
public static IHostBuilder CreateHostBuilder(string[] args) =>
Host.CreateDefaultBuilder(args)
.ConfigureWebHostDefaults(webBuilder =>
{
webBuilder.UseContentRoot(Directory.GetCurrentDirectory());
webBuilder.UseStartup<Startup>();
});
}
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<location path="." inheritInChildApplications="false">
<system.webServer>
<handlers>
<add name="aspNetCore" path="c:\program files\dotnet\dotnet.exe" verb="*"
modules="AspNetCoreModuleV2" resourceType="Unspecified" />
</handlers>
<aspNetCore processPath="dotnet" arguments=".\WebApplication2Test.dll" stdoutLogEnabled="false"
stdoutLogFile=".\logs\stdout" hostingModel="inprocess" />
</system.webServer>
</location>
</configuration>
If anyone can help provide direction that will help.
From your FRT log, the routing module responsible for ASP.NET did not work. The request should have entered the routing pipeline but went to the static file processing module of IIS. IIS looked up the URL in the file system but did not find it, so a 404 was reported. You can use the following configuration to force the routing module to work.
<system.webServer>
.....
<modules runAllManagedModulesForAllRequests="true" />
.....
</system.webServer>

How to increase the upload file size limit in ASP.NET core 2.1 project? [duplicate]

Currently, I am working with ASP.NET Core and MVC6 and need to upload files of unlimited size. I have searched for a solution but have still not found an actual answer.
I have tried this link
If anyone has any idea, please help.
Thanks.
The other answers solve the IIS restriction. However, as of ASP.NET Core 2.0, Kestrel server also imposes its own default limits.
Github of KestrelServerLimits.cs
Announcement of request body size limit and solution (quoted below)
MVC Instructions
If you want to change the max request body size limit for a specific MVC action or controller, you can use the RequestSizeLimit attribute. The following would allow MyAction to accept request bodies up to 100,000,000 bytes.
[HttpPost]
[RequestSizeLimit(100_000_000)]
public IActionResult MyAction([FromBody] MyViewModel data)
{
    // ... action body ...
    return Ok();
}
[DisableRequestSizeLimit] can be used to make request size unlimited. This effectively restores pre-2.0.0 behavior for just the attributed action or controller.
Generic Middleware Instructions
If the request is not being handled by an MVC action, the limit can still be modified on a per request basis using the IHttpMaxRequestBodySizeFeature. For example:
app.Run(async context =>
{
    context.Features.Get<IHttpMaxRequestBodySizeFeature>().MaxRequestBodySize = 100_000_000;
    // ... handle the request ...
});
MaxRequestBodySize is a nullable long. Setting it to null disables the limit like MVC's [DisableRequestSizeLimit].
You can only configure the limit on a request if the application hasn’t started reading yet; otherwise an exception is thrown. There’s an IsReadOnly property that tells you if the MaxRequestBodySize property is in read-only state, meaning it’s too late to configure the limit.
Global Config Instructions
If you want to modify the max request body size globally, this can be done by modifying a MaxRequestBodySize property in the callback of either UseKestrel or UseHttpSys. MaxRequestBodySize is a nullable long in both cases. For example:
.UseKestrel(options =>
{
    options.Limits.MaxRequestBodySize = null;
})
or
.UseHttpSys(options =>
{
    options.MaxRequestBodySize = 100_000_000;
})
You're probably getting a 404.13 HTTP status code when you upload any file over 30MB. If you're running your ASP.Net Core application in IIS, then the IIS pipeline is intercepting your request before it hits your application.
Update your web.config:
<system.webServer>
<handlers>
<add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModule" resourceType="Unspecified"/>
</handlers>
<aspNetCore processPath="%LAUNCHER_PATH%" arguments="%LAUNCHER_ARGS%" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" forwardWindowsAuthToken="false"/>
<!-- Add this section for file size... -->
<security>
<requestFiltering>
<!-- Measured in Bytes -->
<requestLimits maxAllowedContentLength="1073741824" /> <!-- 1 GB-->
</requestFiltering>
</security>
</system.webServer>
Previous ASP.Net applications also needed this section, but it's not needed anymore in Core as your requests are handled by middleware:
<system.web>
<!-- Measured in kilobytes -->
<httpRuntime maxRequestLength="1048576" />
</system.web>
Maybe I am late here but here is the complete solution for uploading a file with a size of more than 30.0 MB in ASP.NET Core Version >=2.0:
You need to do the following three steps:
1. IIS content length limit
The default request limit (maxAllowedContentLength) is 30,000,000 bytes, which is approximately 28.6 MB. Customize the limit in the web.config file:
<system.webServer>
<security>
<requestFiltering>
<!-- Handle requests up to 1 GB -->
<requestLimits maxAllowedContentLength="1073741824" />
</requestFiltering>
</security>
</system.webServer>
Note: without this, an application running on IIS would not work.
2. ASP.NET Core Request length limit
For application running on IIS:
services.Configure<IISServerOptions>(options =>
{
options.MaxRequestBodySize = int.MaxValue;
});
For application running on Kestrel:
services.Configure<KestrelServerOptions>(options =>
{
options.Limits.MaxRequestBodySize = int.MaxValue; // if not set, the default value is 30 MB
});
3. Form's MultipartBodyLengthLimit
services.Configure<FormOptions>(options =>
{
options.ValueLengthLimit = int.MaxValue;
options.MultipartBodyLengthLimit = int.MaxValue; // if not set, the default value is 128 MB
options.MultipartHeadersLengthLimit = int.MaxValue;
});
Adding all the above options will solve the problem related to the file upload with a size of more than 30.0 MB.
In an ASP.NET Core 1.1 project created by Visual Studio 2017, if you want to increase the upload file size, you need to create the web.config file yourself and add this content:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.webServer>
<security>
<requestFiltering>
<!-- 1 GB -->
<requestLimits maxAllowedContentLength="1073741824" />
</requestFiltering>
</security>
</system.webServer>
</configuration>
In the Startup.cs file, add this content:
public void ConfigureServices(IServiceCollection services)
{
services.Configure<FormOptions>(x =>
{
x.ValueLengthLimit = int.MaxValue;
x.MultipartBodyLengthLimit = int.MaxValue;
x.MultipartHeadersLengthLimit = int.MaxValue;
});
services.AddMvc();
}
In your startup.cs configure FormsOptions Http Feature:
public void ConfigureServices(IServiceCollection services)
{
services.Configure<FormOptions>(o => // currently all set to max, configure it to your needs!
{
o.ValueLengthLimit = int.MaxValue;
o.MultipartBodyLengthLimit = long.MaxValue; // <-- !!! long.MaxValue
o.MultipartBoundaryLengthLimit = int.MaxValue;
o.MultipartHeadersCountLimit = int.MaxValue;
o.MultipartHeadersLengthLimit = int.MaxValue;
});
}
Use the IHttpMaxRequestBodySizeFeature HTTP feature to configure MaxRequestBodySize:
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
app.Use(async (context, next) =>
{
context.Features.Get<IHttpMaxRequestBodySizeFeature>().MaxRequestBodySize = null; // unlimited I guess
await next.Invoke();
});
}
Kestrel:
public static IHostBuilder CreateHostBuilder(string[] args) =>
Host.CreateDefaultBuilder(args)
.ConfigureWebHostDefaults(webBuilder =>
{
webBuilder.UseStartup<Startup>().UseKestrel(o => o.Limits.MaxRequestBodySize = null);
});
IIS --> web.config:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.web>
<!-- ~ 2GB -->
<httpRuntime maxRequestLength="2147483647" /> <!-- kbytes -->
</system.web>
<system.webServer>
<security>
<requestFiltering>
<!-- ~ 4GB -->
<requestLimits maxAllowedContentLength="4294967295" /> <!-- bytes -->
</requestFiltering>
</security>
</system.webServer>
</configuration>
Http.sys:
public static IHostBuilder CreateHostBuilder(string[] args) =>
Host.CreateDefaultBuilder(args)
.ConfigureWebHostDefaults(webBuilder =>
{
webBuilder.UseStartup<Startup>().UseHttpSys(options =>
{
options.MaxRequestBodySize = null;
});
});
If you want to upload a very large file, potentially several GB large and you want to buffer it into a `MemoryStream` on the server, you will get an error message `Stream was too long`, because the capacity of the `MemoryStream` is `int.MaxValue`.
You would have to implement your own custom MemoryStream class.
But anyway, buffering such large files makes no sense.
Using a web.config might compromise the architecture of .NET core and you might face problem while deploying the solution on Linux or on Mac.
Better is to use the Startup.cs for configuring this setting: Ex:
services.Configure<FormOptions>(x =>
{
x.ValueLengthLimit = int.MaxValue;
x.MultipartBodyLengthLimit = int.MaxValue; // In case of multipart
});
Here is a correction:
You need to add web.config as well because when the request hits the IIS then it will search for the web.config and will check the maxupload length: sample :
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.webServer>
<security>
<requestFiltering>
<!-- 1 GB -->
<requestLimits maxAllowedContentLength="1073741824" />
</requestFiltering>
</security>
</system.webServer>
</configuration>
In my case, I needed to increase the file upload size limit, but for a single page only.
The file upload size limit is a security feature, and switching it off or increasing it globally often isn't a good idea. You wouldn't want some script kiddie DOSing your login page with extremely large file uploads. This file upload limit gives you some protection against that, so switching it off or increasing it globally isn't always a good idea.
So, to increase the limit for a single page instead of globally:
(I am using ASP.NET MVC Core 3.1 and IIS, Linux config would be different)
1. Add a web.config
otherwise IIS (or IIS Express, if debugging in Visual Studio) will block the request with a "HTTP Error 413.1 - Request Entity Too Large" before it even reaches your code.
Note the "location" tag, which restricts the upload limit to a specific page
You will also need the "handlers" tag, otherwise you will get a HTTP 404 error when browsing to that path
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<location path="SomeController/Upload">
<system.webServer>
<handlers>
<add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModuleV2" resourceType="Unspecified" />
</handlers>
<security>
<requestFiltering>
<!--unit is bytes => 500 Mb-->
<requestLimits maxAllowedContentLength="524288000" />
</requestFiltering>
</security>
</system.webServer>
</location>
</configuration>
Next you will need to add the RequestSizeLimit attribute to your controller action, since Kestrel has its own limits too.
(you can instead do it via middleware as per other answers if you prefer)
[HttpPost]
[RequestSizeLimit(500 * 1024 * 1024)] //unit is bytes => 500Mb
public IActionResult Upload(SomeViewModel model)
{
//blah blah
}
and for completeness (if using MVC), your view and view model could look like this:
view
<form method="post" enctype="multipart/form-data" asp-controller="SomeController" asp-action="Upload">
<input type="file" name="@Model.File" />
</form>
View Model
public class SomeViewModel
{
public IFormFile File { get; set; }
}
and, if you are uploading files greater than 128Mb via form post, you may run into this error too
InvalidDataException: Multipart body length limit 134217728 exceeded.
So on your controller action you could add the RequestFormLimits attribute
[HttpPost]
[RequestSizeLimit(500 * 1024 * 1024)] //unit is bytes => 500Mb
[RequestFormLimits(MultipartBodyLengthLimit = 500 * 1024 * 1024)]
public IActionResult Upload(SomeViewModel model)
{
//blah blah
}
In your web.config:
<system.webServer>
<security>
<requestFiltering>
<requestLimits maxAllowedContentLength="2147483648" />
</requestFiltering>
</security>
</system.webServer>
Manually edit the ApplicationHost.config file:
Click Start. In the Start Search box, type Notepad. Right-click Notepad, and then click "Run as administrator".
On the File menu, click Open. In the File name box, type "%windir%\system32\inetsrv\config\applicationhost.config", and then click Open.
In the ApplicationHost.config file, locate the <requestLimits> node.
Remove the maxAllowedContentLength property. Or, add a value that matches the size of the Content-Length header that the client sends as part of the request. By default, the value of the maxAllowedContentLength property is 30000000.
Save the ApplicationHost.config file.
I will add this for completeness for other unlucky lads like me that ended up here, Source
In Startup.cs:
services.Configure<FormOptions>(options =>
{
options.MultipartBodyLengthLimit = 60000000;
});
Using Visual Studio 2022 (v 17.1.6) and .net core 6, I did not need to change anything in the Program.cs class. I only needed to add these two attributes (in addition to [HttpPost] and [Route]) to my controller method while running locally to accept a 100MB upload:
[RequestSizeLimit(100 * 1024 * 1024)]
[RequestFormLimits(MultipartBodyLengthLimit = 100 * 1024 * 1024)]
If you have scrolled down this far, that means you have tried above solutions. If you are using latest NET CORE versions (5.., 6..) and using IIS for hosting do this.
Add the web.config file to your project and then add the following code there:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.webServer>
<security>
<requestFiltering>
<!-- Handle requests up to 1 GB -->
<requestLimits maxAllowedContentLength="1073741824" />
</requestFiltering>
</security>
</system.webServer>
</configuration>
Set up the Form Options and IIS Server Options in your Startup.cs file like this:
services.Configure<IISServerOptions>(options =>
{
options.MaxRequestBodySize = int.MaxValue;
});
services.Configure<FormOptions>(o =>
{
o.ValueLengthLimit = int.MaxValue;
o.MultipartBodyLengthLimit = int.MaxValue;
o.MultipartBoundaryLengthLimit = int.MaxValue;
o.MultipartHeadersCountLimit = int.MaxValue;
o.MultipartHeadersLengthLimit = int.MaxValue;
o.BufferBodyLengthLimit = int.MaxValue;
o.BufferBody = true;
o.ValueCountLimit = int.MaxValue;
});
I was trying to upload a big file but somehow the file wasn't reaching the controller action method and the parameters including the file one was still null like this:
[HttpPost]
public async Task<IActionResult> ImportMedicalFFSFile(
Guid operationProgressID,
IFormFile file, // <= getting null here
DateTime lastModifiedDate)
{
...
}
What fixed it was adding the [DisableRequestSizeLimit] attribute to the action method or the entire controller\BaseController if you prefer:
[DisableRequestSizeLimit]
public class ImportedFileController : BaseController
{
...
}
More info here:
DisableRequestSizeLimitAttribute Class
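The answers in this thread raise limits at three separate layers (IIS request filtering, the server's MaxRequestBodySize, and FormOptions), and one of them warns against raising the limit site-wide. The following added example, which is not code from any of the posts, reads the IIS limits out of a web.config, resolves which one applies to a request path, and names the first layer that would refuse an upload of a given size. The sample web.config, the paths and the function names are constructed, and the `<location>` matching is simplified to a path-prefix rule.

```python
import xml.etree.ElementTree as ET

IIS_DEFAULT_LIMIT = 30_000_000  # bytes; IIS default for maxAllowedContentLength

# Constructed web.config: a site-wide 1 GB limit plus a 500 MB limit scoped
# to one upload path with <location>.
SAMPLE_WEB_CONFIG = """<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.webServer>
    <security><requestFiltering>
      <requestLimits maxAllowedContentLength="1073741824" />
    </requestFiltering></security>
  </system.webServer>
  <location path="SomeController/Upload">
    <system.webServer>
      <security><requestFiltering>
        <requestLimits maxAllowedContentLength="524288000" />
      </requestFiltering></security>
    </system.webServer>
  </location>
</configuration>
"""


def iis_request_limits(web_config_xml):
    """Return {scope: bytes}; scope '' is site-wide, otherwise the <location> path."""
    root = ET.fromstring(web_config_xml.encode("utf-8"))
    scopes = [("", root.find("system.webServer"))]
    for loc in root.iter("location"):
        path = loc.get("path", "")
        scopes.append(("" if path == "." else path, loc.find("system.webServer")))
    limits = {}
    for scope, web_server in scopes:
        if web_server is None:
            continue
        node = web_server.find("security/requestFiltering/requestLimits")
        if node is not None and node.get("maxAllowedContentLength"):
            limits[scope] = int(node.get("maxAllowedContentLength"))
    return limits


def iis_limit_for(path, limits):
    """The most specific <location> that prefixes the request path wins."""
    path = path.strip("/").lower()
    best_scope, best = "", limits.get("", IIS_DEFAULT_LIMIT)
    for scope, value in limits.items():
        s = scope.strip("/").lower()
        if s and (path == s or path.startswith(s + "/")) and len(s) > len(best_scope):
            best_scope, best = s, value
    return best


def first_rejecting_layer(path, upload_bytes, limits, body_limit, multipart_limit):
    """Name the first layer that refuses the upload, or None if all accept it.

    A limit of None means that layer is configured as unlimited.
    """
    layers = [
        ("IIS maxAllowedContentLength", iis_limit_for(path, limits)),
        ("server MaxRequestBodySize", body_limit),
        ("FormOptions MultipartBodyLengthLimit", multipart_limit),
    ]
    for name, limit in layers:
        if limit is not None and upload_bytes > limit:
            return name
    return None


def site_wide_limit_raised(limits):
    """True when the limit was raised for every URL, not just an upload path."""
    return limits.get("", IIS_DEFAULT_LIMIT) > IIS_DEFAULT_LIMIT
```

With the sample file, a 200 MB form post to the upload path clears IIS and a 500 MB body limit but is still stopped by the default 134217728-byte multipart limit, while `site_wide_limit_raised` flags that every other URL, a login page included, now accepts bodies up to 1 GB at the IIS layer.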

404 errors for PUT and DELETE requests on deployed WCF RESTful Service

I have deployed an MVC3 and WCF web service as a single application. Both work as expected. GET and POST requests work perfectly, but the PUT and DELETE requests return 404 errors. These work fine locally. Initially it was requesting a username/password for PUT/DELETE requests.
Here is my WebServer config from my web.config file
<system.webServer>
<validation validateIntegratedModeConfiguration="false" />
<modules runAllManagedModulesForAllRequests="true">
<remove name="WebDAVModule" />
</modules>
<handlers>
<remove name="WebDAVModule" />
</handlers>
<security>
<authorization>
<remove users="*" roles="" verbs="" />
<add accessType="Allow" users="*"
verbs="GET,HEAD,POST,DEBUG,PUT,DELETE" />
</authorization>
</security>
</system.webServer>
Here are my PUT and DELETE methods:
[OperationContract]
[WebInvoke(UriTemplate = "{id}", Method = "PUT")]
public MyResource Put(MyResource updatedResource, int id)
{
MyResource existingResource = Database.GetResourceById(id);
existingResource.Name = updatedResource.Name;
Database.SaveResource(existingResource);
return existingResource;
}
[OperationContract]
[WebInvoke(UriTemplate = "{id}", Method = "DELETE")]
public MyResource Delete(int id)
{
MyResource sampleResource = Database.DeleteResourceById(id);
return sampleResource;
}
My set up:
.NET 4.0
MVC3
IIS 7.0
Note: I am on a shared hosting plan and therefore do not have direct access to IIS 7.0, so I need to make changes via the web.config file.
Enable Tracing on your service and see why you get a 404 error when you try for a PUT or DELETE action.