2

I have this code that uploads a file. My problem is that AuthorizationCheck fires only after the file is uploaded. If the file is larger than 20MB the AuthorizationCheck will not fire at all and the request will return 404. Is it possible to validate the request headers before the file steam is sent? If the request is not authorized then the file should be blocked from uploading to the server. Also it is not clear why when I upload a large file it is being uploaded fully and only then 404 is being returned...

            [RequestSizeLimit(21_000_000)]
            [Authorize(Policy = "AuthorizationCheck")]
            public async Task<IActionResult> Upload(IFormFile file)
            {
    
                using (var stream = file.OpenReadStream())
                {
                    await StoreFileAsync(stream);
                }
             }
realPro
  • 1,713
  • 3
  • 22
  • 34

1 Answers1

1

[RequestSizeLimit(21_000_000)] limit your resquest can't exceed 20MB, you may use [DisableRequestSizeLimit] instead.

In addition, there's also a limit that's imposed by IIS, which is 30MB by default. When this size limit is exceeded, IIS itself generates a 404 response. To change the limit of IIS, you should custom a Web.configure.

For more details, you can refer to this answer.

Updata

You can access the request headers in a custom middleware :

app.Use(async (context, next) =>
{
    var header = context.Request.Headers["XXX"];

    //do something
    
    await next();
});
mj1313
  • 7,930
  • 2
  • 12
  • 32
  • Thanks, but I don't care about the Request Size. The question is about Request Headers. – realPro Jul 27 '20 at 14:31
  • Unfortunately your answer did not work. The middleware is fired only the after the file is uploaded. In case of a large file that exceeds the size limit, the middleware is not fired at all. I wan't to block the file upload before it happens, not after. – realPro Jul 28 '20 at 12:00