Allow ASP.NET Core & IIS to Handle Large File Uploads

Updated on 21st November 2020

Both ASP.NET 5/CORE 3 & IIS limit the size of uploaded files, which means that depending on the versions that you are using, you might see files as small as 30mb being rejected during upload.

This is likely a security "feature" to prevent abusive users from uploading files too large for your server to handle.

Possible error's you might encounter include:

  • BadHttpRequestException: Request body too large.
  • The page was not displayed because the request entity is too large

The problem is that you may need to extend the upper limit on file upload size, if you expect your users to send upload bigger files such as videos or raw images.

Luckily it only takes a couple of minutes to make the required changes to ASP.NET 5/Core & IIS so that users can upload files larger than 30mb. Note that if you're using a web server such as Nginx or Apache then you can skip the IIS instructions, however you may need to make separate changes for those web servers.

ASP.NET 5 & Core: Allow Large File Uploads

Start by opening your startup.cs file and add the below code snippet to your ConfigureServices method, while making sure to adjust the values accordingly based on what you wish the maximum upload size to be.

I've set the max size to 700mb because my users will upload videos, but you might set this to something much smaller if your users are uploading images or similar.

            services.Configure<FormOptions>(x =>
            {
                x.ValueLengthLimit = 5000; // Limit on individual form values
                x.MultipartBodyLengthLimit = 737280000; // Limit on form body size
                x.MultipartHeadersLengthLimit = 737280000; // Limit on form header size
            });
            services.Configure<IISServerOptions>(options =>
            {
                options.MaxRequestBodySize = 837280000; // Limit on request body size
            });

IIS: Allow Large File Uploads

Add the requestFiltering tag to the web.config file thats located in the root of your project. If the file doesn’t already exist, then you may need to create it manually.

<configuration>
  <system.webServer>
    <security>
      <requestFiltering>
        <!-- This will handle requests up to 700MB -->
        <requestLimits maxAllowedContentLength="737280000" />
      </requestFiltering>
    </security>
  </system.webServer>
</configuration>

Final Considerations

We must remember that the file upload limit is in place for a reason. By setting the value too high, you risk malicious people uploading too much data and causing problems for legitimate users, this is especially important to think about on systems that allow uploads from anonymous people. Maybe you can also think about rate limiting uploads to only allow a few uploads per user in a short span of time.

It's a good idea to also document the max file size somewhere and enforce the same limit on both your app & IIS. This consistency will make it easier to make changes in the future. You really don't want to be in a situation down the line where there's confusion about what the max file size is, and where.


Article Categories: # iis # asp.net # c# # .net
Date Created: 6/6/2020
Date Last Updated: 11/21/2020

About

A tech blog by Andy P. I talk about coding, enterprise software development, tech, games design & other things that interest me.

Signup To The Newsletter

I try to post a new interesting article every saturday.