How to upload large files in ASP.Net MVC 4
I have code like this in the controller:
Request.Files.Get("img").SaveAs(Server.MapPath("~/Images/ImgSong/" + +Out.Id + ".jpg"));
It only allows uploading a small file, while the file I want to upload would
range from 10Mb to 100Mb.
Please help me.
You need to change you web.config:
<configuration>
<system.web>
<httpRuntime maxRequestLength="4096" />
</system.web>
</configuration>
The default value is 4096kb. You need to change this value to 10240 for 10mb uploading.
Edit your web.config as per size of file.
<system.web>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" maxRequestLength="10240" executionTimeout="1600" requestLengthDiskThreshold="10240" />
<security>
<requestFiltering>
<requestLimits maxAllowedContentLength="10240" />
</requestFiltering>
</security>
...
</system.web>
Related
Recently I have developed a very simple .net core API and then deployed the same on IIS and want to enable Windows Authentication for some users. To be able to implement it, my web.config looks like
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.web>
<authentication mode="Windows" />
<authorization>
<allow users="Tow\USER1"/>
<deny users="*"/>
</authorization>
</system.web>
<location path="." inheritInChildApplications="false">
<system.webServer>
<handlers>
<add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModuleV2" resourceType="Unspecified" />
</handlers>
<aspNetCore processPath="dotnet" arguments=".\Oculus.WebApi.dll" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" hostingModel="InProcess" />
</system.webServer>
</location>
</configuration>
As it can be seen only User1 should be allowed access but everyone is able to access. My IIS authentication looks like this:
Can some one help please?
From this thread, ASP.NET Core does not support nor use web.config. The published web.config is there only for IIS hosting, since IIS requires this.
A wrokaround is that you could try to place inside system.webServer, which is directly for configuration of IIS.
<configuration>
<system.webServer>
<security>
<authorization>
<remove users = "*" roles="" verbs="" />
<add accessType = "Allow" users="Tow\USER1"/>
</authorization>
</security>
</system.webServer>
</configuration>
But the recommend way is that you'd better write you own custom authorization policy in asp.net core
https://learn.microsoft.com/en-us/aspnet/web-api/overview/security/authentication-and-authorization-in-aspnet-web-api
https://learn.microsoft.com/en-us/aspnet/core/security/authorization/policies?view=aspnetcore-2.2
need to set maximum request length in appsetting file.
In web.config we use,
<configuration>
<system.web>
<httpRuntime maxRequestLength="1048576" />
</system.web>
For specifying the maximum request length, you could add web.config to your project and modify it like
<system.webServer>
<security>
<requestFiltering>
<requestLimits maxAllowedContentLength="2147483648" />
</requestFiltering>
</security>
</system.webServer>
You could check this from [Discussion]: New default 30 MB (~28.6 MiB) max request body size limit.
You also could try New default 30 MB (~28.6 MiB) max request body size limit #267
On hosting my website on goddady plesk server and when there an error with one of my pages it seems not to display in detail though i have a web.config file in my root folder. I don't know if maybe there's a problem with my web.config. the only tell it tells me is "There is a problem with the resource you are trying to access"
<configuration>
<system.webServer>
<httpErrors errorMode="Detailed" />
<asp scriptErrorSentToBrowser="true"/>
</system.webServer>
<system.web>
<customErrors mode="Off"/>
<compilation debug="true"/>
</system.web>
</configuration>
This works on Fasthosts (UK) shared hosting:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<httpErrors errorMode="Detailed" />
</system.webServer>
</configuration>
It tends to give me the detailed errors that we need for Classic ASP development. Remember to turn that off when the site goes live.
I have a WCF hosted on IIS7. When I try to consume a service that takes more than 90 seconds to produce results, it times out after 90 second.
In web config, I have increased my executionTimeout to 900 seconds
<system.web>
<compilation debug="false" strict="false" explicit="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" executionTimeout="900" shutdownTimeout="900" maxRequestLength="2097152" enable="true"/>
<pages>
<namespaces>
<add namespace="System.Runtime.Serialization"/>
<add namespace="System.ServiceModel"/>
<add namespace="System.ServiceModel.Web"/>
</namespaces>
</pages>
<customErrors mode="Off"/>
<trace enabled ="true" pageOutput ="true" requestLimit ="20" traceMode="SortByTime" />
</system.web>
On the IIS side, I have set scriptTimeout to 00:05:10. (Default Website->ASP->Limits Properties->scriptTimeout)
In Application Pools, Advanced Settings, I have set Ping Maximum Response Time to 300 seconds (as well as Shutdown Time Limit. Though I don't think this helps.)
Even though I have increased every timeout variable I could find to over 90 second, my service still times out at 90 seconds.
Anyone know a timeout I might have missed?
I took this from my config on my TEST server... this works. You're definitely going to want to change these values.
<binding name="tcp_unsecured_HighLimit" closeTimeout="23:59:59" openTimeout="23:59:59" receiveTimeout="23:59:59" sendTimeout="23:59:59" >
<readerQuotas maxDepth="104857600" maxStringContentLength="2000000000" maxArrayLength="2000000000"
maxBytesPerRead="2000000000" maxNameTableCharCount="2000000000" />
<security mode="None" />
</binding>
</netTcpBinding>
</bindings>
In IIS 7 I try to deny access to all files with the extension .xml for all users.
I tried the following setting in my web.config file:
<location path="*.xml">
<system.web>
<authorization>
<deny users="*"/>
</authorization>
</system.web>
</location>
But then getting any file results in an internal server error.
It works if I deny access to the individual files but this solution does not buy me much as I do not know all .xml files in advance.
Try this:
<configuration>
<system.web>
<httpHandlers>
<add path="*.xml" verb="*"
type="System.Web.HttpNotFoundHandler" />
</httpHandlers>
</system.web>
</configuration>
By the way you could alternatively store all of your xml files within the App_Data directory. Storing files of any type in this directory will not be served to the web.
Another way is to use a request filter:
<system.webServer>
<security>
<requestFiltering>
<fileExtensions>
<add fileExtension=".xml" allowed="false" />
</fileExtensions>
</requestFiltering>
</security>
</system.webServer>
I have stumbled across this when searching for a way to change the security applied to all actions within a controller in a legacy application (ASP.NET MVC). I thought I need some sort of wildcard, but simply providing the path including the controller segment is enough:
This allows anonymous access to all actions within FooController.