
Request filtering - Query string is too long #1146


doubledp created

Hi,

I have set up IIS's authentication by enabling Windows Authentication and disabling Anonymous Authentication. When browsing the site I get presented with the following error message:

The request filtering module is configured to deny a request where the query string is too long

Here is the generated URL upon login:

http://localhost:80/Account/Login?ReturnUrl=%2FAccount%2FLogin%3FReturnUrl%3D%252FAccount%252FLogin%253FReturnUrl%253D%25252FAccount%25252FLogin%25253FReturnUrl%25253D%2525252FAccount%2525252FLogin%2525253FReturnUrl%2525253D%252525252FAccount%252525252FLogin%252525253FReturnUrl%252525253D%25252525252FAccount%25252525252FLogin%25252525253FReturnUrl%25252525253D%2525252525252FAccount%2525252525252FLogin%2525252525253FReturnUrl%2525252525253D%252525252525252FAccount%252525252525252FLogin%252525252525253FReturnUrl%252525252525253D%25252525252525252FAccount%25252525252525252FLogin%25252525252525253FReturnUrl%25252525252525253D%2525252525252525252FAccount%2525252525252525252FLogin%2525252525252525253FReturnUrl%2525252525252525253D%252525252525252525252FAccount%252525252525252525252FLogin%252525252525252525253FReturnUrl%252525252525252525253D%25252525252525252525252FAccount%25252525252525252525252FLogin%25252525252525252525253FReturnUrl%25252525252525252525253D%2525252525252525252525252FAccount%2525252525252525252525252FLogin%2525252525252525252525253FReturnUrl%2525252525252525252525253D%252525252525252525252525252FAccount%252525252525252525252525252FLogin%252525252525252525252525253FReturnUrl%252525252525252525252525253D%25252525252525252525252525252FAccount%25252525252525252525252525252FLogin%25252525252525252525252525253FReturnUrl%25252525252525252525252525253D%2525252525252525252525252525252FAccount%2525252525252525252525252525252FLogin%2525252525252525252525252525253FReturnUrl%2525252525252525252525252525253D%252525252525252525252525252525252FAccount%252525252525252525252525252525252FLogin%252525252525252525252525252525253FReturnUrl%252525252525252525252525252525253D%25252525252525252525252525252525252FAccount%25252525252525252525252525252525252FLogin%25252525252525252525252525252525253FReturnUrl%25252525252525252525252525252525253D%2525252525252525252525252525252525252FAccount%2525252525252525252525252525252525252FLogin%2525252525252525252525252525252525253FReturnUrl
%2525252525252525252525252525252525253D%252525252525252525252525252525252525252FAccount%252525252525252525252525252525252525252FLogin%252525252525252525252525252525252525253FReturnUrl%252525252525252525252525252525252525253D%25252525252525252525252525252525252525252F

How do I fix this?


4 Answer(s)
  • ismcagdas created
    Support Team

    Hi,

    Does your initial URL, which you write in the browser, contain a returnUrl parameter?

  • hikalkan created
    Support Team

    I suppose that your Login action somehow recursively calls itself. If you deny all anonymous requests, how do you get to the login page?
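
Added example (not part of the thread and not the project's code): a Python script that rebuilds the nested ReturnUrl pattern seen in the question, unwraps it again, and measures the query string against the IIS request filtering default for maxQueryString, 2048 bytes. The login path is taken from the URL in the question; the redirect builder, the loop threshold and all function names are assumptions made for illustration.

```python
from urllib.parse import quote, urlsplit, parse_qsl

IIS_DEFAULT_MAX_QUERY_STRING = 2048  # bytes; IIS requestLimits maxQueryString default
LOGIN_PATH = "/Account/Login"        # login route taken from the URL in the question


def redirect_to_login(requested):
    """Assumed redirect: the requested path + query is percent-encoded into ReturnUrl."""
    return f"{LOGIN_PATH}?ReturnUrl={quote(requested, safe='')}"


def unwrap_return_url(url):
    """Peel nested ReturnUrl layers; returns the path at each layer, outermost first."""
    paths = []
    while True:
        parts = urlsplit(url)
        paths.append(parts.path)
        inner = [v for k, v in parse_qsl(parts.query) if k.lower() == "returnurl"]
        if not inner:
            return paths
        url = inner[0]  # parse_qsl already removed one level of percent-encoding


def is_login_loop(url, threshold=2):
    """True when the login page is its own return target `threshold` or more times."""
    nested = unwrap_return_url(url)[1:]
    return sum(p.lower() == LOGIN_PATH.lower() for p in nested) >= threshold


def redirects_until_denied(first_request="/"):
    """Follow the loop until the query string exceeds the IIS default limit.

    Returns (number of redirects, query string size in bytes). Every layer
    re-encodes each '%' of the previous one as '%25', so growth is quadratic.
    """
    url, hops = first_request, 0
    while True:
        url = redirect_to_login(url)
        hops += 1
        size = len(urlsplit(url).query.encode())
        if size > IIS_DEFAULT_MAX_QUERY_STRING:
            return hops, size


if __name__ == "__main__":
    # Constructed sample: three redirects starting from a request for "/".
    sample = "http://localhost:80" + redirect_to_login(
        redirect_to_login(redirect_to_login("/")))
    print(unwrap_return_url(sample), is_login_loop(sample))
    print(redirects_until_denied())
```

Run over the request URLs in an IIS log, `is_login_loop` flags this redirect loop well before the request filtering module starts denying requests.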

  • doubledp created

    Just to give some context...

    This is an intranet site and should only allow domain users access. In the web.config the database connection has been set as a trusted connection, which from what I understand indicates that it will be using Integrated Security (AKA Windows Authentication). In the core module, I have also set Multi Tenancy to false and enabled LDAP authentication. The web application is running on one server with the database running on a remote server. Both of the servers are on the domain.

    Maybe I am misunderstanding something, but surely it must take me to the Login page for me to enter AD account details which would then be passed to the remote SQL server?

    I think I may have found where it is generating the recursive ReturnURL, but don't know how to fix this. Please see below:

    public virtual async Task<JsonResult> Login(LoginViewModel loginModel, string returnUrl = "", string returnUrlHash = "")
    {
        CheckModelState();

        // Disable the tenant filter for the current unit of work so the user lookup is not limited to one tenant.
        _unitOfWorkManager.Current.DisableFilter(AbpDataFilters.MayHaveTenant);

        var loginResult = await GetLoginResultAsync(loginModel.UsernameOrEmailAddress, loginModel.Password, loginModel.TenancyName);

        // Users flagged for a password change are sent to ResetPassword instead of being signed in.
        if (loginResult.User.ShouldChangePasswordOnNextLogin)
        {
            loginResult.User.SetNewPasswordResetCode();

            return Json(new MvcAjaxResponse
            {
                TargetUrl = Url.Action(
                    "ResetPassword",
                    new ResetPasswordViewModel
                    {
                        UserId = SimpleStringCipher.Encrypt(loginResult.User.Id.ToString()),
                        ResetCode = loginResult.User.PasswordResetCode
                    })
            });
        }

        await SignInAsync(loginResult.User, loginResult.Identity, loginModel.RememberMe);

        // No return URL supplied: fall back to the Index action of the Application controller.
        if (string.IsNullOrWhiteSpace(returnUrl))
        {
            returnUrl = Url.Action("Index", "Application");
        }

        // Append the hash part passed in returnUrlHash.
        if (!string.IsNullOrWhiteSpace(returnUrlHash))
        {
            returnUrl = returnUrl + returnUrlHash;
        }

        return Json(new MvcAjaxResponse { TargetUrl = returnUrl });
    }
    

    As a side note, I have specified a RedirectToAction("Index", "Application") within the Index method of the Home controller to take me directly to the web app instead of the landing page. Could this have something to do with the problem I am being presented with?

  • ismcagdas created
    Support Team

    Hi,

    In IIS Manager, under Feature Delegation, Authentication should have Read/Write delegation. After that, you will be able to see the login page.

    But I didn't test the rest with LDAP login, please test and share your result :).