Tuesday, 10 February 2015

Brain Dump 6 - Allow requests of any length in IIS

The same request from two different browsers to a custom WCF service.

First in Firefox:

http://devbox.dev.com:8732/Mock.svc/Mock/GetPartNumber?data=N^99ac52cd-142b-4b84-8b8e-849e320ee8cc^GetPartNumber^%3Ccontent%3E%3CGetPartNumber%3E%3Cid%3E99ac52cd-142b-4b84-8b8e-849e320ee8cc%3C/id%3E%3CsupplierDetails%3E%3CsupplierNameLine1%3EsupplierNameLine1%3C/supplierNameLine1%3E%3CsupplierNameLine2%3EsupplierNameLine2%3C/supplierNameLine2%3E%3CsupplierAddressLine1%3EsupplierAddressLine1%3C/supplierAddressLine1%3E%3CsupplierAddressLine2%3EsupplierAddressLine2%3C/supplierAddressLine2%3E%3CsupplierAddressLine3%3EsupplierAddressLine3%3C/supplierAddressLine3%3E%3CsupplierAddressLine4%3EsupplierAddressLine4%3C/supplierAddressLine4%3E%3CsupplierTownOrCity%3EsupplierTownOrCity%3C/supplierTownOrCity%3E%3CsupplierCounty%3EsupplierCounty%3C/supplierCounty%3E%3CsupplierCountry%3EsupplierCountry%3C/supplierCountry%3E%3CsupplierPostCode%3EsupplierPostCode%3C/supplierPostCode%3E%3C/supplierDetails%3E%3CcustomerDetails%3E%3CcustomerName%3EcustomerName%3C/customerName%3E%3CaddressLine1%3EaddressLine1%3C/addressLine1%3E%3CaddressLine2%3EaddressLine2%3C/addressLine2%3E%3CaddressLine3%3EaddressLine3%3C/addressLine3%3E%3CaddressLine4%3EaddressLine4%3C/addressLine4%3E%3CtownOrCity%3EtownOrCity%3C/townOrCity%3E%3Ccounty%3Ecounty%3C/county%3E%3Ccountry%3EUnited%20Kingdom%3C/country%3E%3CpostCode%3EpostCode%3C/postCode%3E%3C/customerDetails%3E%3CvatNumber%3EGB12345%3C/vatNumber%3E%3CdocumentNumberPrefix%3ESIA%3C/documentNumberPrefix%3E%3CdocumentNumber%3E1%3C/documentNumber%3E%3CtransactionNumber%3E1%3C/transactionNumber%3E%3CdateDocumentRaised%3E2014-09-19%3C/dateDocumentRaised%3E%3CdescriptionOfItemSold%3EdescriptionOfItemSold%3C/descriptionOfItemSold%3E%3CquantitySold%3E1%3C/quantitySold%3E%3CitemCostNet%3E80.00%3C/itemCostNet%3E%3CtotalNetCostOfItems%3E80.00%3C/totalNetCostOfItems%3E%3CnetTotal%3E80.00%3C/netTotal%3E%3CnetDiscount%3E0.00%3C/netDiscount%3E%3CvatRate%3E25.00%3C/vatRate%3E%3CvatAmount%3E20.00%3C/vatAmount%3E%3CgrossTotal%3E100.00%3C/grossTotal%3E%3CformatDocumentNumber%3ESIA000000001%3C/formatDocumentNumber%3E%3CgenesesData%3E%3CbookingReference%3E79bbec92-5bca-44d2-8e61-bde366a0379b%3C/bookingReference%3E%3C/genesesData%3E%3C/GetPartNumber%3E%3C/content%3E

This is approximately 2193 characters and thus bytes, assuming ascii encoding

An now in IE:

http://devbox.dev.com:8732/Mock.svc/Mock/GetPartNumber?data=N^99ac52cd-142b-4b84-8b8e-849e320ee8cc^GetPartNumber^<content><GetPartNumber><id>99ac52cd-142b-4b84-8b8e-849e320ee8cc</id><supplierDetails><supplierNameLine1>supplierNameLine1</supplierNameLine1><supplierNameLine2>supplierNameLine2</supplierNameLine2><supplierAddressLine1>supplierAddressLine1</supplierAddressLine1><supplierAddressLine2>supplierAddressLine2</supplierAddressLine2><supplierAddressLine3>supplierAddressLine3</supplierAddressLine3><supplierAddressLine4>supplierAddressLine4</supplierAddressLine4><supplierTownOrCity>supplierTownOrCity</supplierTownOrCity><supplierCounty>supplierCounty</supplierCounty><supplierCountry>supplierCountry</supplierCountry><supplierPostCode>supplierPostCode</supplierPostCode></supplierDetails><customerDetails><customerName>customerName</customerName><addressLine1>addressLine1</addressLine1><addressLine2>addressLine2</addressLine2><addressLine3>addressLine3</addressLine3><addressLine4>addressLine4</addressLine4><townOrCity>townOrCity</townOrCity><county>county</county><country>United Kingdom</country><postCode>postCode</postCode></customerDetails><vatNumber>GB12345</vatNumber><documentNumberPrefix>SIA</documentNumberPrefix><documentNumber>1</documentNumber><transactionNumber>1</transactionNumber><dateDocumentRaised>2014-09-19</dateDocumentRaised><descriptionOfItemSold>descriptionOfItemSold</descriptionOfItemSold><quantitySold>1</quantitySold><itemCostNet>80.00</itemCostNet><totalNetCostOfItems>80.00</totalNetCostOfItems><netTotal>80.00</netTotal><netDiscount>0.00</netDiscount><vatRate>25.00</vatRate><vatAmount>20.00</vatAmount><grossTotal>100.00</grossTotal><formatDocumentNumber>SIA000000001</formatDocumentNumber><genesesData><bookingReference>79bbec92-5bca-44d2-8e61-bde366a0379b</bookingReference></genesesData></GetPartNumber></content>

This is approximately 1863 characters and thus bytes, assuming ascii encoding

This means that the first request makes IIS choke and the second one works fine, as it's below the 2 KB limit

There is a relatively simple solution. Modify the web.config of the WCF service, where length is the number of bytes:

<system.webServer>
  <security>
    <requestFiltering>
      <requestLimits maxQueryString="length"/>
    </requestFiltering>
  </security>
</system.webServer>

No comments:

Post a Comment