0

We're building an application on the following stack:

  • .NET 4.6.1
  • ASP.NET MVC 5
  • IIS 8

We have people generating very long search filter query strings in our application. Currently the resulting GET requests result in an exception on the server. We'd like to warn them if their request string is going to be too long, rather than submitting an invalid GET request.

Our .js guy can shim AJAX requests to support length checking for the full URL and the querystring pretty easily. The problem is we don't want to assume we know the right maximum lengths for those values. We want to query the server to know what the maximum lengths for the URL and querystring are, and just use that dynamically on the client side.

I can build the Web API endpoint to return those values very easily, but I'm having trouble being certain I'm getting the right values. For example, I can read our configuration file directly and look for things like this:

<system.webServer>
    <security>
      <requestFiltering>
        <requestLimits maxUrl="2000" maxQueryString="2000" />
      </requestFiltering>
    </security>
</system.webServer>

However, I'm not certain that is really the authoritative place to look. I'm hoping somebody knows how to use C# to ask IIS the following questions and be certain of having the right answers:

  1. What is the maximum allowed URL length for a GET request to the current application?
  2. What is the maximum allowed querystring length for a GET request to the current application?
bopapa_1979
  • 8,949
  • 10
  • 51
  • 76
  • 1
    Why not just use AJAX POST rather than AJAX GET so you don't have to worry about query string length limitations? – NightOwl888 May 24 '16 at 21:10
  • Because we're sending requests to REST services and we want to stick to the indicated intention for each type of request. On our project, POST is for creating things. – bopapa_1979 May 24 '16 at 21:13

1 Answers1

1

Here's how you can read the config values - which can then be returned by your API:

var config = System.Web.Configuration.WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);
var section = config.GetSection("system.webServer");
var xml = section.SectionInformation.GetRawXml();
var doc = XDocument.Parse(xml);
var element = doc.Root.Element("security").Element("requestFiltering").Element("requestLimits");
var maxUrl = element.Attribute("maxUrl").Value;
var maxQs = element.Attribute("maxQueryString").Value;

Keep in mind though that the client (browser) will impose its own limit, as can proxy servers.

The below SO answer implies that you may have to set the limit in the httpRuntime element as well...although it is not explained why. See: How to configure the web.config to allow requests of any length

This article on www.asp.net may also be helpful in regards to more info increasing the allowable URL size: http://www.asp.net/whitepapers/aspnet4#0.2__Toc253429244

Community
  • 1
  • 1
JTech
  • 3,420
  • 7
  • 44
  • 51