<appSettings>
<add key="myKeyName" value="DFG&y:yd%yeZ" />
</appSettings>
I have a web.config file in an ASP.NET MVC application. In my appSettings section, i have a key whose value contains a character that makes the web.config invalid.
The character is the "&" in value="DFG&y:yd%yeZ", if i remove it, the app works fine, when i put it back i get the error below.
Configuration Error Description: An error occurred during the processing of a configuration file required to service this request.
Please review the specific error details below and modify your
configuration file appropriately.
Parser Error Message: An error occurred while parsing EntityName. Line
25, position 61.
And my key below is highlighted in red.
<add key="myKeyName" value="DFG&y:yd%yeZ" />
Is the "&" prohibited in the a web.config's appSettings key Value?
You need to replace the special char "&" by:
&
Here is a list of special chars
Related
I have a JS file which returns a HTTP Error 414.0 - URL Too Long.
The URL isn't particularly long - http://beta.abcdefg.abc.ab/abcdef/abcdefgh.js
I am suspecting that maybe the physical path is too long, but it's only 91 characters -
\abcdefsitestorage.file.core.windows.net\iisfarm\Websites\asp\asp-apps\abcdef\abcdefgh.js
(examples are same length and structure of real URL)
I have experimented with settings in the web.config but they have made no difference
<httpRuntime requestValidationMode="2.0" requestPathInvalidCharacters="" maxRequestLength="2147483647" executionTimeout="1200" maxQueryStringLength="2097151" maxUrlLength ="65536" relaxedUrlToFileSystemMapping="true"/>
and
<security>
<requestFiltering>
<requestLimits maxUrl ="65536" maxAllowedContentLength="4294967295" maxQueryString ="2097151" />
</requestFiltering>
</security>
I've now run out of ideas so if anyone can point me in the right direction that would be great!
Edit:
Confirmed that issue is with IIS. Server response header is Server: Microsoft-IIS/10.0
Currently attempting to get FRT running, it isn't logging anything at the moment.
<system.webServer>
<tracing>
<traceFailedRequests>
<add path="*">
<traceAreas>
<add provider="ASPNET" areas="Infrastructure,Module,Page,AppServices" verbosity="Verbose" />
<add provider="WWW Server" areas="Rewrite,Authentication,Security,Filter,StaticFile,CGI,Compression,Cache,RequestNotifications,Module" verbosity="Verbose" />
</traceAreas>
<failureDefinitions statusCodes="100-900" />
</add>
</traceFailedRequests>
</tracing>
</system.webServer>
Edit 2:
I've been doing some more testing and in this particular location it errors wit 414 for .js, .css and .txt files but it doesn't error with .aspx files.
Is there a separate location that non-aspx files have limits set?
Edit 3:
It is also giving a 414 error even if the target file doesn't exist!
This error is actually thrown from http.sys, not from IIS. The error gets thrown before the request is passed along to IIS in the request-handling pipeline.
To verify this, you can check the Server header value in the HTTP
response headers, as per https://stackoverflow.com/a/32022511/12484.
To get https.sys to accept longer request URLs without throwing the HTTP 414 error, in the Windows Registry on the server PC, at Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters, create a DWORD-type value with name MaxFieldLength and value sufficiently large, e.g. 65535.
Reference: Http.sys registry settings for Windows
More information you can refer to this link: https://stackoverflow.com/a/34638320/13336642.
I've worked it out.
The 414 error was a complete red herring.
It was a permissions issue with a virtual directory. It was using pass through authentication which seemed to work fine for .aspx pages but not for any other file type.
I have now specified a specific user to connect as and it all works.
In my MVC appilcation, to Encrypt my userid in querystring, i added following code lines:
return HttpUtility.UrlEncode(Encryption.Encrypt(ui.UserId.ToString()));
and
Users user = new Users(Conversion.ParseInt(Encryption.Decrypt(HttpUtility.UrlDecode(ID.ToString()))));
First i got this error
The request filtering module is configured to deny a request that contains a double escape sequence. which i fixed by adding configuration/system.webServer/security/requestFiltering#allowDoubleEscaping setting in web.confg file.
<system.webServer>
<security>
<requestFiltering allowDoubleEscaping="true" />
</security>
</system.webServer>
then it start working on local, when i moved this code to production then getting this error:
404 - File or directory not found.
The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.
I have a web.config file, in connection string attribute, I have an '&' in password which creates error in parsing web.config file.
code:
<connectionStrings>
<clear/>
<add name="FamefaceDB" connectionString="Data Source=ec2-204-236-162-54.us-west-1.compute.amazonaws.com;Initial Catalog=famefacedb;User ID=Administrator;Password= t2kfPcn6?D& "/>
</connectionStrings>
The '&' in password is illegal and says hexadecimal value is illegal in XML file.
Is there any solution to this?
XML is XML and web.config must be valid XML - a "literal" & must be written as &1
Compare with the correct entity encoding:
<add connectionString="..;Password=t2kfPcn6?D&"/>
1See Which are the HTML, and XML, special characters? (linked by Noel in a comment) for the gritty details.
Configuration Error
Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.
Parser Error Message: Sections must only appear once per config file. See the help topic for exceptions.
<connectionStrings>
<add name="testEntities" connectionString="metadata=res://*/Models.Model1.csdl|res://*/Models.Model1.ssdl|res://*/Models.Model1.msl;provider=System.Data.SqlClient;provider connection string="Data Source=ROCKER\SQLSERVER2008;Initial Catalog=test;User ID=sunny;Password=sunnyconnected;MultipleActiveResultSets=True""
providerName="System.Data.EntityClient" />
<add name="DbConnection" connectionString="Data Source=Test\sqlserver2008;database=test;User ID=sunny;Password=sunnyconnected" providerName="System.Data.SqlClient"/>
This Connection String Set in Root Web.config File then it give runtime Above Mention Error.How it Can be Handle And Set in Asp.Net MVC2.
"connectionStrings" section should appear only once in a config file. Check if you have added it twice.
I'm going through some of the crawl errors on an MVC application I maintain, and found a 404 error for a URL that looked like it should be valid.
The URL is of the format: /gifts/{categoryName}/{productName}/{productId}/
For some reason, when the productName is set to the value "con" I just get a 404 error. Any other value (different or same length of string) and it seems to work fine.
Has anyone ever seen anything like this before?
con is a reserved word and therefore cannot be put in an MVC route
You need to add the following to your web.config:
<configuration>
<system.web>
<httpRuntime relaxedUrlToFileSystemMapping="true"/>
<!-- ... your other settings ... -->
</system.web>
</configuration>
See this article for more information:
Putting the Con (COM1, LPT1, NUL, etc.) Back in your URLs