Question
I get "HTTP Error 400. The request verb is invalid." error when I do a large size (1MB) post in an application created with ASP.NET Core.
This problem only occurs with Firefox, and only when https is enabled and Windows authentication is used.
I would like to know how to solve this size limitation.
Occurrence condition
- FireFox
- IIS (with ASP.NET Core application)
- https
- Windows Authentication
- Large size (1MB) post
What I have checked
Code for verification
Form.cs
public class Form
{
public string Value { get; set; }
}
Controller.cs
public class HomeController : Controller
{
[Authorize]
[HttpGet]
public IActionResult Index(int? size)
{
return View(new Form { Value = new string('X', size ?? 1024 * 1024) });
}
[Authorize]
[HttpPost]
public IActionResult Index(Form form)
{
return View(form);
}
}
Index.cshtml
@model WebApplication.Models.Form
@{
ViewData["Title"] = "Home Page";
}
<div>@Model.Value.Length</div>
<form method="post" asp-antiforgery="false">
<input type="hidden" asp-for="Value"/>
<button type="submit">Post</button>
</form>
Startup.cs
public class Startup
{
public void ConfigureServices(IServiceCollection services)
{
services.AddAuthentication(IISDefaults.AuthenticationScheme);
services.AddControllersWithViews();
}
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
app.UseDeveloperExceptionPage();
app.UseStaticFiles();
app.UseRouting();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllerRoute(
name: "default",
pattern: "{controller=Home}/{action=Index}/{id?}");
});
}
}
Browser Differences
- Chome 87.0 ??
- IE 11 ??
- FireFox 60.8 ESR ??
- FireFox 84.0.2 ??
protocols and authentication firrerence
- FireFox 84.0.2 + https + Anonymous Authentication ??
- FireFox 84.0.2 + http + Windows Authentication ?? (HTTP Error 400. The size of the request headers is too long.)
Size boundaries
"Value=" length 6 + 1048570 = 1MB.
Unidentified points
- Error 400 is server error, but that there are differences between browsers.
- The error message is "The request verb is invalid", which means the "verb" is wrong.
- Server header is "Microsoft-HTTPAPI/2.0", is it an error in http.sys and not IIS?
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…