iis 7 - How do I enable upload of large files in classic ASP on IIS 7?

Question

Recently I had to get an old ASP application working in IIS 7.5 on a W2K8 server. Almost everything works fine, except that I can't seem to get it to accept uploads larger than ~200kB. I did find a setting, that from what I can understand should to the trick, in the applicationHost.config, I set the max request size to 100 MB like this:

<location path="TheNameOfMySite">
    <system.webServer>
        <security>
            <requestFiltering>
                <requestLimits maxAllowedContentLength="104857600" />
            </requestFiltering>
        </security>
    </system.webServer>
</location>

Unfortunately, this seems to do nothing at all, it still refuses to accept any files larger than about 200 KB, and in the log file it gives this error message:

ASP_0104_:_80004005|Operation_not_Allowed

Googling that points to increasing the maxAllowedContentLength as I have done above. So I'm fresh out of ideas, but confident that the clever stackoverflow crowd can solve this in less time than it took for me to write this question.

Answer 1

The maxAllowedContentLength controls how much data is allowed to be sent in a response. However you want to control how much can be accepted in a request. This is handled by the maxRequestEntityAllowed attribute of the limits element in the asp section of the config file. An example might look like:-

<system.webServer>
  <asp>
     <cache diskTemplateCacheDirectory="%SystemDrive%inetpubempASP Compiled Templates" />
     <limits scriptTimeout="00:02:00"
        queueConnectionTestTime="00:00:05"
        requestQueueMax="1000"
        maxRequestEntityAllowed="104857600"
        />
  </asp>

You can configure this in the IIS7 manager under the "Limit Properties" category in the property grid for the ASP feature. Alternatively you can use a command line:-

appcmd set config /section:asp /limits.maxRequestEntityAllowed:104857600

Note that extending this value increase the window for DOS attack where the attacker sends large content to the server so don't be tempted to extend this beyond what you really need.