Unable to use maxAllowedContentLength and maxQueryString together in iis 8 - asp.net-mvc-5

I tried using below tag in my web.config.
<system.webServer>
<security>
<requestFiltering>
<requestLimits maxAllowedContentLength="15728640" maxUrl="4096" maxQueryString="32768" />
</requestFiltering>
</security>
</system.webServer>
In this case maxAllowedContentLength works but the maxQueryString doesnt work even though it is set max.

You may have to add the following to httpRuntime. According to MSDN, the correct element to modify to reset maxQueryStringLength in web.config is the <httpRuntime> element inside the <system.web> element, see httpRuntime Element (ASP.NET Settings Schema). Try modifying that element see below.
<system.web>
<httpRuntime maxQueryStringLength="15728640" maxQueryStringLength="32768" maxUrlLength="4096"/>
</system.web>
Here is a link to httpRuntime variables

Related

Enable Compression Mime-types for Web-Site Application

Our website uses both dynamic and static compression. I know that compression can be enabled/disabled on a web.config level, but that the mime-types for static and dynamic compression cannot be enabled at a web-config level.
Meaning, this section:
<httpCompression directory="%SystemDrive%\inetpub\temp\IIS Temporary Compressed Files" staticCompressionIgnoreHitFrequency="true">
<scheme name="gzip" dll="%Windir%\system32\inetsrv\gzip.dll" />
<staticTypes>
Stuff
</staticTypes>
<dynamicTypes>
Stuff
</dynamicTypes>
</httpCompression>
Must go in the applicationHost.config, and is generally edited using appcmd.exe.
I know there is a location element in the applicationHost.config that allows setting many things on a per website basis, but I can't seem to find anywhere if mimetypes for dynamic compression are one of them.
I have tried overriding these settings using a location element, but have not had any success and cannot find documentation stating it's possible for the httpCompression element.
To make matters worse, we install our product as a web application under the default site, so really we want to enable these dynamic compression mime-types only under our application, instead of site (or server) wide. Is this possible?
Generally, we are using IIS 7 and above. Right now our minimum is 7, so assume anything needs to work with that.
My question is:
Can httpCompression settings be set in the applicationHost.config per website and possible per web application under a web site?
Is there a different way to enable dynamicCompression specifics on a website/web application level?
Just an important precision: There is one prerequisite to ensure that you can add MIME Types in the "web.config" file:
It is possible to add MIME Types in the <staticTypes> and <dynamicTypes> sections at the website level (in "web.config") only if this is explicitely allowed at the "applicationHost.config" level, as explained in this solution from Stack Overflow:
The important thing to note is that modifying your
applicationHost.config (in %windir%\system32\inetsrv\config) from the following setting:
<section name="httpCompression" allowDefinition="AppHostOnly" overrideModeDefault="Deny" />
to:
<section name="httpCompression" overrideModeDefault="Allow" />
will enable configuration of the httpCompression tag under the
system.webServer tag in your web.config.
Yes you can very well add dynamic and static types in web application's web.config file. ApplicationHost.config will define global compression settings and if you want to override them in your application you can do so. Following is sample from one of my application.
<system.webServer>
<modules>
<remove name="FormsAuthentication" />
<add name="Glimpse" type="Glimpse.AspNet.HttpModule, Glimpse.AspNet" preCondition="integratedMode" />
<remove name="UrlRoutingModule-4.0" />
<add name="UrlRoutingModule-4.0" type="System.Web.Routing.UrlRoutingModule" />
</modules>
<validation validateIntegratedModeConfiguration="false" />
<handlers>
<add name="Glimpse" path="glimpse.axd" verb="GET" type="Glimpse.AspNet.HttpHandler, Glimpse.AspNet" preCondition="integratedMode" />
</handlers>
<httpCompression>
<dynamicTypes>
<remove mimeType="text/*" />
<add mimeType="application/json" enabled="true" />
</dynamicTypes>
</httpCompression>
Here remove tag in dynamicTypes removes global entry coming from ApplicationHost.config
add tag is adding additional mimeType on top of global entries from applicationHost.config. This addition will be applicable only for whose web.config is being modified.
Similarly you can modify staticTypes as well.

Cannot get caching for static recources (CSS, images) does to work in Azure Web App

I have an Azure account with a Web Application that is in the very early stages of development.
I am using Google Pagespeed Insights to test for any performance issues ( https://developers.google.com/speed/pagespeed/insights/ )
It tells me I don't have the cache set for my static resources. So I have enabled caching in the web.config file for my web application by adding the following code:
<system.webServer>
<staticContent>
<clientCache cacheControlCustom="public" cacheControlMaxAge="00.12:00:00" cacheControlMode="UseMaxAge" />
</staticContent>
</system.webServer>
Yet this does not work (I check the headers with Chrome Dev Tools).
Any ideas on what I am doing wrong?
Thank you.
Never mind, got it figured out.
Had to take out the following code out of web.config:
<handlers>
<add name="httpPlatformHandler" path="*" verb="*" modules="httpPlatformHandler" resourceType="Unspecified"/>
</handlers>
<httpPlatform processPath="%DNX_PATH%" arguments="%DNX_ARGS%" stdoutLogEnabled="false" startupTimeLimit="3600"/>
It was there from the ASP.NET 5 MVC project I set up earlier.

MVC WebAPI2 attribute routing using a path ending with a route parameter of type double

We are having an issue with WebApi2 attribute routing. We recently upgraded to MVC5 and Web Api 2. As part of the upgrade we shifted our Web Api to use Attribute routing.
One of our API calls allows for data to be requested using a latitude and longitude bounding box.
https://myapi.com/v1/things/area/{toplat}/{leftlon}/{botlat}/{rightlon}
This worked in the previous api, but not in the new one. We can't find a configuration that allows this to work. The final argument {rightlon} is a double and the xx.XXX is interpreted as a file extension.
Specifying the parameters as a double {toplat:double} had no impact. We can't easily force the legacy clients to update to include a trailing slash as some posts suggest. This config change also didn't work for us.
Why is my Web API method with double args not getting called?
Has anyone found a way to use attribute routing in WebApi2 to allow for a route that has a double/decimal/float as the last route parameter?
Solved.
The linked article did include the solution but also needed the correct format on the Attribute Routing.
[HttpGet] [Route("~/v1/things/area/{toplat:double}/{leftlon:double}/{botlat:double}/{rightlon:double}")]
in the web.config
<system.webServer>
<validation validateIntegratedModeConfiguration="false" />
<handlers>
<remove name="ExtensionlessUrlHandler-Integrated-4.0" />
<remove name="OPTIONSVerbHandler" />
<remove name="TRACEVerbHandler" />
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
</handlers>
<modules>
<remove name="UrlRoutingModule-4.0" />
<add name="UrlRoutingModule-4.0" type="System.Web.Routing.UrlRoutingModule" preCondition="" />
</modules>
</system.webServer>

Azure and .json mimeType without web.config

Adding to my web.config
<system.webServer>
<staticContent>
<mimeMap fileExtension=".json" mimeType="application/json" />
</staticContent>
</system.webServer>
Allows my application to run on Azure, but will crash my remote IIS server because its already included. Removing the remote IIS mimeType is not practical in this particular case. I end up using a different web.config
Is there another mechanism by which I can configure Azure IIS mimeType so I don't have this problematic web.config?
I would like a single deployment package that will work on Azure and non Azure.
This should work:
<system.webServer>
<staticContent>
<remove fileExtension=".json" />
<mimeMap fileExtension=".json" mimeType="application/json" />
</staticContent>
</system.webServer>
See also here: http://blogs.msdn.com/b/chaun/archive/2009/12/04/iis7-error-cannot-add-duplicate-collection-entry-of-type-mimemap-with-unique-key-attribute-fileextension.aspx
This doesn't make any difference to your overall IIS configuration, it just conditionally removes the mimeMap from the configuration of this particular site (as governed by this web.config) before adding it again.
You can create a startup task that adds the mime type on IIS level. This way you won't need to include it in your web.config:
"%windir%\System32\inetsrv\appcmd.exe" set config /section:staticContent /+"[fileExtension='.json',mimeType='application/json']"
exit /b 0

Disable IIS Request Filtering for certain paths

Is there any way I can have IIS 7.0+ (or 7.5+) configured such that for certain paths Request Filtering is completely disabled. That is,
http://host.local/foo/bar.cs
is forbidden (since serving *.cs files is explicitly forbidden in applicationHost.config), but
http://host.local/foo/allow-all/bar.cs
is allowed.
In your allow-all directory, you can create a web.config file with the following configuration:
<configuration>
<system.webServer>
<security>
<requestFiltering>
<fileExtensions>
<remove fileExtension=".cs" />
</fileExtensions>
</requestFiltering>
</security>
<staticContent>
<mimeMap fileExtension=".cs" mimeType="text/plain" />
</staticContent>
</system.webServer>
</configuration>
This configuration removes the .cs extension from the request filtering. Additionally, for IIS to properly serve content, it needs a MIME type, so the .cs extension is added as text/plain.
These changes will also apply to all child directories of allow-all. This configuration works with an Integrated App Pool. Classic may require additional changes since there are HTTP handlers that explicitly disallow .cs as well.

Resources