Understanding Asp.net 2.0 FileUpload Control

How to increase the max upload file size in ASP.NET?

<system.web>
    <httpRuntime executionTimeout="3600" maxRequestLength="102400" 
     appRequestQueueLimit="100" requestValidationMode="2.0"
     requestLengthDiskThreshold="10024000"/>
</system.web>

http://www.codeproject.com/Articles/20023/ASP-NET-2-0-FileUpload-Server-Control

Understanding File Size Limitations

Your end users might never encounter an issue with the file upload process in your application, but you should be aware that some limitations exist. When users work through the process of uploading files, a size restriction is actually sent to the server for uploading. The default size limitation is 4MB (4096KB); the transfer fails if a user tries to upload a file that is larger than 4096KB.

A size restriction protects your application. You want to prevent malicious users from uploading numerous large files to your Web server in an attempt to tie up all the available processes on the server. Such an occurrence is called a “denial of service attack.” It ties up the Web server’s resources so that legitimate users are denied responses from the server.

One of the great things about .NET, however, is that it usually provides a way around limitations. You can usually change the default settings that are in place. To change the limit on the allowable upload file size, you make some changes in either the web.config.comments file (found in the ASP.NET 2.0 configuration folder atC:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CONFIG) or in your application’s web.config file.

In the web.config.comments file, find a node called <httpRuntime>. In this file, you see that the default allowable file size is dictated by the actual request size permitted to the Web server (4096KB). The <httpRuntime> section of theweb.config.comments file is shown in Listing 2.

Listing 2: Changing the File Size Limitation Setting in the web.config File

 Collapse | Copy Code
<httpRuntime 
 executionTimeout="110" 
 maxRequestLength="4096" 
 requestLengthDiskThreshold="80" 
 useFullyQualifiedRedirectUrl="false" 
 minFreeThreads="8" 
 minLocalRequestFreeThreads="4" 
 appRequestQueueLimit="5000" 
 enableKernelOutputCache="true" 
 enableVersionHeader="true" 
 requireRootedSaveAsPath="true" 
 enable="true" 
 shutdownTimeout="90" 
 delayNotificationTimeout="5" 
 waitChangeNotification="0" 
 maxWaitChangeNotification="0" 
 enableHeaderChecking="true" 
 sendCacheControlHeader="true" 
 apartmentThreading="false" />

You can do a lot with the <httpRuntime> section of the web.config file, but two properties — themaxRequestLength and executionTimeout properties — are especially interesting.

The maxRequestLength property is the setting that dictates the size of the request made to the Web server. When you upload files, the file is included in the request; you alter the size allowed to be uploaded by changing the value of this property. The value presented is in kilobytes. To allow files larger than the default of 4MB, change themaxRequestLength property as in the following: maxRequestLength="11000".

This example changes the maxRequestLength property’s value to 11,000KB (around 10MB). With this setting in place, your end users can upload 10MB files to the server. When changing the maxRequestLength property, be aware of the setting provided for the executionTimeout property. This property sets the time (in seconds) for a request to attempt to execute to the server before ASP.NET shuts down the request (whether or not it is finished). The default setting is 90 seconds. The end user receives a timeout error notification in the browser if the time limit is exceeded. If you are going to permit larger requests, remember that they take longer to execute than smaller ones. If you increase the size of the maxRequestLength property, you should examine whether to increase theexecutionTimeout property as well.

If you are working with smaller files, it’s advisable to reduce the size allotted for the request to the Web server by decreasing the value of the maxRequestLength property. This helps safeguard your application from a denial of service attack.

Making these changes in the web.config.comments file applies this setting to all the applications that are on the server. If you want to apply this only to the application you are working with, apply the <httpRuntime> node to theweb.config file of your application, overriding any setting that is in the web.config.comments file. Make sure this node resides between the <system.web> nodes in the configuration file.

404 Errors with FileUpload with IIS7

I was getting some 404 errors while using the FileUpload control. I tested it out on my local machine and  using

<system.web>
<httpRuntime maxRequestLength=”256000″/> <!– request length is in kilobytes –>
</system.web>

worked fine. But once I moved it onto IIS7 everything started freaking out. Turns out IIS7 look for a different setting:

<system.webServer>
<security>
<requestFiltering><requestLimits maxAllowedContentLength=”262144000″ /></requestFiltering> <!– maxAllowedContentLength is in bytes. Defaults to 30,000,000 –>
</security>
</system.webServer>

My searches really only directed me to modifying the system.web, so hopefully this will help someone out.

404 error when uploading large files (4mb+) – asp.net

http://stackoverflow.com/questions/14511798/404-error-when-uploading-large-files-4mb-asp-net

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: