Why am I getting an "HTTP 400" Bad Request error when trying to access an XLS file on ASP.NET site

Posted on 2011-05-05
Last Modified: 2012-05-11

I have an ASP.NET 3.5 site on MS Server 2003 using IIS 6.  The site uses forms authentication to allow users to login to a private section that uses SSL.  

Forms authentication worked great when attempting to access an ASPX file that was secure: It would redirect to the login page and required login before redirecting to the desired page.  The problem was that if you referred to another file type like pdf or xls, it would grant access without authenticating.  I researched the issue and found the solution by going into the site's application configuration and adding a wildcard application map to c:\windows\\framework\v2.0.50727\aspnet_isapi.dll and to my delight, it worked:  When I tested it by trying to access a pdf file behind the security wall, it properly required authentication but when I tried to access an xls file in the same location I got an HTTP 400 Bad Request error rather than the login page.

Why would it work with a PDF and not with an XLS?  How can I make it work?
Question by:pmodiano1
    LVL 9

    Expert Comment

    Try add HTTPHandler in web.config

    <add verb="*" path="*.xls" type="System.Web.UI.PageHandlerFactory" />
    LVL 9

    Accepted Solution

    Under the Virtual Directory tab
    click on the Configuration... button
    In the new window that opens up, under the Mappings tab,
    click Add...,
    click Browse and select C:\<windows root> \Microsoft.NET\Framework\<version>\aspnet_isapi.dll
    Provide the Extension without the dot (i.e just PDF)
    Under the Verbs section, you can leave it as is or for better security, provide only GET
    Uncheck the Verify File Exists checkbox

    Author Comment

    Thanks radcaesar but I tried both of your suggestions and I am still getting the 400 Error.  Any other ideas?
    LVL 9

    Expert Comment

    Tell me the exact error, like 400 Bad Request (Invalid URL)

    If u dont know check in IIS log file.

    Author Comment

    At the end of the line in the log file -- after the domain name -- were the numbers 400 0 0 211 636 0

    Not sure what that means.

    Author Comment

    Never mind - The problem was that the filename had an ampersand in it!

    Thanks so much for your help!

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Today is the age of broadband.  More and more people are going this route determined to experience the web and it’s multitude of services as quickly and painlessly as possible. Coupled with the move to broadband, people are experiencing the web via …
    What is an ISAPI filter?   •      It's an assembly (.dll file) that can add or change the way IIS works.   •      They can be enabled globally for your web server or on a site-by-site basis.   When the IIS server receives a request, enabling the ISAPI fi…
    This video is in connection to the article "The case of a missing mobile phone (". It will help one to understand clearly the steps to track a lost android phone.
    In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

    761 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    11 Experts available now in Live!

    Get 1:1 Help Now