0

i have an issue with url lengths in iis7. If you go to:

http://www.somesite.com/myaccount/login.htm?ReturnUrl=aa2Fmyaccounta2FdefaultaaspxadnoaauserSuppliedIdentifierahttpa3Aa2Fa2Faaaaaaamaapenidacoma2Fadnoaareturnatoasigahandleaa7B633942228855348748a7Da7BaRINLQa3Da3Da7DadnoaareturnatoasigaxSa2FFPGusD7UvskGqfkJq4QtEYjc4fSVFoa2F3sXNwCBteGOBJ8mipo7yLsuSk2hEgLogbzn6SthYb0wY3pBQM1OQa3Da3Daopenidaassocahandleaa7BHMACaSHA256a7Da7B4b051c2ba7Da7ddufPa2BAa3Da3Da7Daopenidaclaimedaidahttpa3Aa2Fa2Faaaaaaaaaopbnidacoma2Faopenidaidentityahttpa3Aa2Fa2Faaaaaaaabcpenidacoma2Faopenidamodeaidaresaopenidansahttpa3Aa2Fa2Fspec

The page will load fine but if you add one more character to the end it will throw an error. This might seem abit picky to you but it's stopping me from using open id on my login form since it returns a long url. One option i did consider was changing the requestFiltering, therefore in my web.config i have the following:

<system.webServer>
    <security>
        <requestFiltering>
            <requestLimits maxQueryString="999999999" maxUrl="999999999" />
        </requestFiltering>
    </security>
</system.webServer>

But this did not resolve the issue. I'd appreciate it if someone could help. Thanks

Joel Etherton
  • 37,325
  • 10
  • 89
  • 104
nfplee
  • 7,643
  • 12
  • 63
  • 124

3 Answers3

3

nfplee - Are you using Ionics Isapi Rewrite Filter (IIRF) by any chance? I just ran into the same issue where long urls always returns a 404.

If I disable IIRF everything works fine.

PeteE
  • 31
  • 2
  • Hi, i think this may have been the problem. I had this installed on the server that was causing the issue but it seems to have disappeared on my newest server (which doesn't have it installed). It's been so long since i had this problem though i can't remember exactly. – nfplee Jun 14 '11 at 15:50
1

You may do something in web.config as follows.

<system.web>
  <httpRuntime maxUrlLength="4000"/>
</system.web>
Firnas
  • 1,665
  • 4
  • 21
  • 31
1

This is a limitation of Windows and there is currently no workaround

See this StackOverflow article for more information:

ASP.NET url MAX_PATH limit

Community
  • 1
  • 1
Justin
  • 84,773
  • 49
  • 224
  • 367
  • Seems strange that there would be a .net open id library when it can't be used. Maybe this will be fixed in v4. – nfplee Nov 20 '09 at 14:20
  • This Windows limitation does not apply. That limitation only applies to the URI *path*. In this example, the path is actually quite short -- it's just that it has a very long *querystring*, which Windows has no problem with or interest in. – Andrew Arnott Nov 20 '09 at 14:26
  • Oh, snap. I was looking at the wrong path. There's the path of the original URI itself, and then there's the value of the ReturnTo that becomes the path. – Andrew Arnott Nov 20 '09 at 14:28
  • Why does this make an OpenID library unusable? It looks like this is a contrived example, and the returnurl should never be that long -- it's not a valid path to a file on your server anyway. – Andrew Arnott Nov 20 '09 at 14:31
  • I modified the query string to work out the limit i could push it to. If you navigate to the same page (without the query string) then there's an open id form. When you try to login with that you get the same problem. – nfplee Nov 23 '09 at 13:05