request exceeds the configured maxQueryStringLength when using [Authorize]

C#Javascriptasp.net Mvc-3

C# Problem Overview

enter image description here
I have a MVC3 site in C#, I have a particular view being fed query parameters from a JavaScript function, the function redirects to the site via

> window.location.href = "../ActionName?" + query_string;

query_string being the dynamic query parameters string built by the JavaScript function.

The reason for this weirdness is that sometimes the same function passes the URL to an ASP.Net webform due to it having to use the reportviewer control, the alternate action is to save some parameters in this case it passes to the view. (Can elaborate more if that does not make sense)

The whole thing works fine until I introduce [Authorize] to the action method. Breaks if it is in place, works fine without, and [Authorize] works fine on all the other methods.

The whole URL in this case is 966 chars long, after research it seems that the maxQueryStringLength value is 2048 by default but can overridden to any value of type integer, so just for grins I added the

<security>
  <requestFiltering>
    <requestLimits maxQueryString="2048"></requestLimits>
  </requestFiltering>
</security>

key to the web config file under the key.

No joy there, so I got ridiculous and made it 4096, still no joy.

Now with the whole URL being 966 chars long, the authorize attribute cannot seriously be adding another 1082-3130 chars, so how can I determine what the error actually is, or why the setting is not taking effect.

VS2010 Pro SP1

C# Solutions

Solution 1 - C#

In the root web.config for your project, under the system.web node:

<system.web>
    <httpRuntime maxUrlLength="10999" maxQueryStringLength="2097151" />
...

In addition, I had to add this under the system.webServer node or I got a security error for my long query strings:

<system.webServer>
    <security>
      <requestFiltering>
        <requestLimits maxUrl="10999" maxQueryString="2097151" />
      </requestFiltering>
    </security>
...

Solution 2 - C#

When an unauthorized request comes in, the entire request is URL encoded, and added as a query string to the request to the authorization form, so I can see where this may result in a problem given your situation.

According to MSDN, the correct element to modify to reset maxQueryStringLength in web.config is the <httpRuntime> element inside the <system.web> element, see httpRuntime Element (ASP.NET Settings Schema). Try modifying that element.

Solution 3 - C#

For anyone else that may encounter this problem and it is not solved by either of the options above, this is what worked for me.

1. Click on the website in IIS
2. Double Click on Authentication under IIS
3. Enable Anonymous Authentication

I had disabled this because we were using our own Auth, but that lead to this same problem and the accepted answer did not help in any way.

Solution 4 - C#

i have this error using datatables.net

i fixed changing the default ajax Get to POST in te properties of the DataTable()

"ajax": {
        "url": "../ControllerName/MethodJson",
        "type": "POST"
    },
Categories
Recommended C# Solutions
Recommended Javascript Solutions
Recommended asp.net Mvc-3 Solutions

Previous Solution:

Format a JavaScript string using placeholders and an object of substitutions?

JavascriptJqueryStringString Formatting

Next Solution:

How to transition CSS display + opacity properties

CssCss Transitions

Attributions

All content for this solution is sourced from the original question on Stackoverflow.

The content on this page is licensed under the Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.

Content TypeOriginal AuthorOriginal Content on Stackoverflow
QuestionSabreView Question on Stackoverflow
Solution 1 - C#theJermView Answer on Stackoverflow
Solution 2 - C#counsellorbenView Answer on Stackoverflow
Solution 3 - C#dballView Answer on Stackoverflow
Solution 4 - C#elblogdelbetoView Answer on Stackoverflow