4

I wish to transfer 100 MB of data from a client application to a WCF service. I've set readerQuotas in my web.config but I read an article where they suggested Request Limits which is briefly explained in http://www.iis.net/configreference/system.webserver/security/requestfiltering/requestlimits the exact property is maxAllowedContentLength.

I would like to know what are the differences, please.

readerQuotas

<system.serviceModel>

  <bindings>
    <basicHttpBinding>

      <binding name="PowerTransmissionBinding" closeTimeout="01:00:00" openTimeout="01:00:00" receiveTimeout="01:00:00" sendTimeout="01:00:00"
      maxBufferSize="2147483647" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" transferMode="StreamedRequest" messageEncoding="Mtom">

        <readerQuotas maxDepth="32" maxBytesPerRead="200000000"
        maxArrayLength="200000000" maxStringContentLength="200000000" />

        </binding>
      </basicHttpBinding>
  </bindings>
</system.serviceModel>

requestLimits

<security>
  <requestFiltering>
    <requestLimits maxAllowedContentLength="2000000000" />
  </requestFiltering>
</security>
emerson.marini
  • 9,331
  • 2
  • 29
  • 46

1 Answers1

9

requestLimits is a web server level setting. When request comes with ContentLength (or url length) which exceeds the limit you set there - request is immediatly rejected with 404 error, it will not even get into WCF pipeline. So, this configuration setting is not related to WCF at all. Note that it limits the overall length of request, whatever is inside the request does not matter.

readerQuotas is WCF level setting. It puts various restrictions on the size of SOAP messages which can be processed by WCF endpoint. Note that now it's about SOAP (so, xml) message and not about overall length of request. Those settings basically needed to prevent various kinds of Denial Of Service attacks against your service using xml messages prepared in a special way.

maxArrayLength - maximum size of array xml reader may return while reading the message. This includes byte arrays. WCF will stop reading message and reject request if it reads an array bigger that this. If you attach files to your WCF requests using something like byte[] properties on your data contact class - this is the setting which will limit the size of such file (but better not attach files in this way).

maxDepth - maximum nesting of xml elements in message.

maxNameTableCharCount - reader will store some information (such as namespaces and namespace prefixes) in memory while reading the message. This limits the size of such in-memory table.

maxStringContentLength - maximum length of a string inside SOAP message. Suppose you have DataContract class with some string DataMember property. If during deserializing it happens that this string exceeds the limit - message would be rejected.

maxBytesPerRead - basically maximum length of any xml element (including all it's children).

Evk
  • 98,527
  • 8
  • 141
  • 191
  • You maybe forgot the framework http settings. http://stackoverflow.com/a/6472631/1498669 – Bernhard Dec 13 '16 at 10:01
  • IIS also restricts setting ` – Dai Oct 09 '19 at 02:30
  • @Bernhard Those settings do not apply if you're hosting WCF outside of ASP.NET. – Dai Oct 09 '19 at 02:31
  • Question: do the `` properties apply to non-SOAP services using `webHttpBinding` and `` ? Looking online I'm seeing users reporting hitting request limits with REST+JSON services (so no SOAP) despite Microsoft's documentation for `` saying it's only for SOAP. – Dai Oct 09 '19 at 02:40
  • Update: I did some digging with Reflector+ILSpy and found out some (but not all) settings are shared by an internal `XmlJsonReader` (which WCF uses to process JSON) - and that the `` configuration element is used by all of WCF's bindings/protocols, including `` for REST services. – Dai Oct 09 '19 at 03:01