Reputation: 2610
HTTP Error 404.15 The request filtering module is configured to deny a request where the query string is too long
I have created a brand new web form application from Visual Studio 2013 and set the following in the web.config file:
<authentication mode="Forms">
<forms defaultUrl="~/Home.aspx" loginUrl="~/Login.aspx"
slidingExpiration="true" timeout="2880" />
</authentication>
<authorization>
<deny users="?" />
</authorization>
When I run the project I get 404.15 error.
This is not an MVC site.
I found a similar error that said I need to remove the "deny users" but I don't want to do that.
I need all users to be directed to the login page if they have not authenticated.
* New Asp.Net MVC5 project produces an infinite loop to login page *
I also tried this but I get "This webpage has a redirect loop"
* How to configure the web.config to allow requests of any length *
EDIT: Added more links to explain the problem.
So I found and article about login page loops.
* http://erlend.oftedal.no/blog/?blogid=55 *
So if I add a break point on the ProcessRequest I can see that there is an infinite loop calling the Login.aspx page.
So the problem does not seem to be that the URL is too long but more likely that there is an infinite loop calling the Login.aspx page.
If I place a breakpoint on the Page_Load in side the Login.aspx page, the breakpoint never gets hit.
There must be something higher up causing the redirect.
Upvotes: 5
Views: 16025
Answers (2)
Reputation: 2610
Here is how I got it to work.
- Excluded all the items under the
Accountfolder exceptLogin.aspx - Excluded
IdentityConfigandStartup.Authunder theApp_Startfolder - Excluded
IdentityModelsunder theModelsfolder - Excluded
Startupunder therootfolder of the application - Commented out all the code under
Page_LoadandLogIninside theLogin.aspxcode file - Commented out code with
OpenAuthProvidersin theLogin.aspxmarkup - Added the following key to the
appSettingssection inside theweb.configfile
<add key="owin:AutomaticAppStartup" value="false" />
Upvotes: 5
Reputation: 1423
The solution it's not completely deactivating the whole authentication system.
The problem may be caused by the access control not correctly setting Login.aspx permission when using the FriendlyUrls module. So you must force the permissions also for the Login page by it's "friendly" name. In the folder where login page it's stored, possibly will already be a web.config file that you may setup like this:
<?xml version="1.0"?>
<configuration>
...
<location path="Login">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<location path="Login.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
...
</configuration>
Note: Take care with other pages currently in the same folder and setup accesses accordingly.
Upvotes: 4
Related Questions
- HTTP Error 404.15 - Not Found ...because the query string is too long
- IIS7 - The request filtering module is configured to deny a request that exceeds the request content length
- Getting HTTP 404.15 Error - Not Found ...because the query string is too long
- The length of the query string for this request exceeds the configured maxQueryStringLength value
- How to fix error "The request filtering module is configured to deny a request where the query string is too long"
- How do I resolve the "maximum request length exceeded" exception?
- Access Denied query string too long
- Maximum Request Length Exceeded Errors
- •Request filtering is configured for the Web server and the file extension for this request is explicitly denied
- passing and getting too large query string in asp.net