|
Home > Archive > IIS Server Security > March 2007 > IE Content-Length 0: IIS Security Config Causes Post Data Failure
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
IE Content-Length 0: IIS Security Config Causes Post Data Failure
|
|
| Skorccio 2007-03-28, 1:19 am |
| A particular scenario of IIS security settings causes a problem with IE
browsers (v6 & v7) whereby no post data is sent to the server and the http
header content-length is set to 0.
To reproduce this behaviour, follow the steps below:
1) Create a web application with a default.aspx page containing a button
such as,
<asp:Button ID="testsubmit" runat="server" Text="test" />
2) Add the following code in the page_load event handler,
if (this.IsPostBack)
Response.Write("IsPostBack = true");
else
Response.Write("IsPostBack = false");
3) Set the home directory of the root website in iis6.0 to point to the
above web application.
4) Set the root website (i.e. localhost) to iis integrated windows
authentication.
5) Create a virtual directory below this (i.e. localhost/subdomain1) with
the home directory pointing to the same folder as the root.
6) Set the virutal directory (i.e. subdomain1) to iis anonymous access.
7) Create another virtual directory below the root (i.e.
localhost/subdomain2) with the home directory pointing to the same folder as
the root.
8) Set the virutal directory (i.e. subdomain2) to iis integrated windows
authentication. (we now have 3 identical web applications with one sub domain
configured to anonymous access whilst the other two set to windows integrated
authentication)
9) Open up IE v6 or v7.
10) Request the root website (i.e. localhost)
11) Submit form
12) Observe response value 'true'.
13) Request the virtual direcotry (i.e. localhost/subdomain1)
14) Submit form
15) Observe response value 'true'.
16) Request the virtual direcotry (i.e. localhost/subdomain2)
17) Submit form
18) Observe response value 'false'.
19) Repeat steps 9-17 with Firefox v2.
Conclusion
Content-length set to 0 by IE, no post data sent
This behaviour can not be reproduced in Firefox v2.
Any ideas why this ocurrs in IE?
| |
| David Wang 2007-03-28, 1:19 am |
| This well known.
http://support.microsoft.com/?id=251404
Here is an explanation:
http://blogs.msdn.com/david.wang/ar...entication.aspx
For the same reason that you complain about IE POSTing zero bytes, you
can complain that FireFox wastes bandwidth on authenticated requests
since the having/lacking the optimization causes both behaviors. It's
just that people tend to notice the IE behavior when doing custom
authentication (which while popular is often non-kosher).
//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//
On Mar 27, 5:11 pm, Skorccio <Skorc...@discussions.microsoft.com>
wrote:
> A particular scenario of IIS security settings causes a problem with IE
> browsers (v6 & v7) whereby no post data is sent to the server and the http
> header content-length is set to 0.
>
> To reproduce this behaviour, follow the steps below:
>
> 1) Create a web application with a default.aspx page containing a button
> such as,
> <asp:Button ID="testsubmit" runat="server" Text="test" />
> 2) Add the following code in the page_load event handler,
> if (this.IsPostBack)
> Response.Write("IsPostBack = true");
> else
> Response.Write("IsPostBack = false");
> 3) Set the home directory of the root website in iis6.0 to point to the
> above web application.
> 4) Set the root website (i.e. localhost) to iis integrated windows
> authentication.
> 5) Create a virtual directory below this (i.e. localhost/subdomain1) with
> the home directory pointing to the same folder as the root.
> 6) Set the virutal directory (i.e. subdomain1) to iis anonymous access.
> 7) Create another virtual directory below the root (i.e.
> localhost/subdomain2) with the home directory pointing to the same folder as
> the root.
> 8) Set the virutal directory (i.e. subdomain2) to iis integrated windows
> authentication. (we now have 3 identical web applications with one sub domain
> configured to anonymous access whilst the other two set to windows integrated
> authentication)
> 9) Open up IE v6 or v7.
> 10) Request the root website (i.e. localhost)
> 11) Submit form
> 12) Observe response value 'true'.
> 13) Request the virtual direcotry (i.e. localhost/subdomain1)
> 14) Submit form
> 15) Observe response value 'true'.
> 16) Request the virtual direcotry (i.e. localhost/subdomain2)
> 17) Submit form
> 18) Observe response value 'false'.
> 19) Repeat steps 9-17 with Firefox v2.
>
> Conclusion
>
> Content-length set to 0 by IE, no post data sent
> This behaviour can not be reproduced in Firefox v2.
>
> Any ideas why this ocurrs in IE?
|
|
|
|
|