[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now


Why am I getting an "HTTP 400" Bad Request error when trying to access an XLS file on ASP.NET site

Posted on 2011-05-05
Medium Priority
Last Modified: 2012-05-11

I have an ASP.NET 3.5 site on MS Server 2003 using IIS 6.  The site uses forms authentication to allow users to login to a private section that uses SSL.  

Forms authentication worked great when attempting to access an ASPX file that was secure: It would redirect to the login page and required login before redirecting to the desired page.  The problem was that if you referred to another file type like pdf or xls, it would grant access without authenticating.  I researched the issue and found the solution by going into the site's application configuration and adding a wildcard application map to c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll and to my delight, it worked:  When I tested it by trying to access a pdf file behind the security wall, it properly required authentication but when I tried to access an xls file in the same location I got an HTTP 400 Bad Request error rather than the login page.

Why would it work with a PDF and not with an XLS?  How can I make it work?
Question by:pmodiano1
  • 3
  • 3

Expert Comment

ID: 35700432
Try add HTTPHandler in web.config

<add verb="*" path="*.xls" type="System.Web.UI.PageHandlerFactory" />

Accepted Solution

radcaesar earned 2000 total points
ID: 35700450
Under the Virtual Directory tab
click on the Configuration... button
In the new window that opens up, under the Mappings tab,
click Add...,
click Browse and select C:\<windows root> \Microsoft.NET\Framework\<version>\aspnet_isapi.dll
Provide the Extension without the dot (i.e just PDF)
Under the Verbs section, you can leave it as is or for better security, provide only GET
Uncheck the Verify File Exists checkbox

Author Comment

ID: 35700539
Thanks radcaesar but I tried both of your suggestions and I am still getting the 400 Error.  Any other ideas?
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.


Expert Comment

ID: 35700739
Tell me the exact error, like 400 Bad Request (Invalid URL)

If u dont know check in IIS log file.

Author Comment

ID: 35701128
At the end of the line in the log file -- after the domain name -- were the numbers 400 0 0 211 636 0

Not sure what that means.

Author Comment

ID: 35701216
Never mind - The problem was that the filename had an ampersand in it!

Thanks so much for your help!

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

What is an ISAPI filter?   •      It's an assembly (.dll file) that can add or change the way IIS works.   •      They can be enabled globally for your web server or on a site-by-site basis.   When the IIS server receives a request, enabling the ISAPI fi…
A quick way to get a menu to work on our website, is using the Menu control and assign it to a web.sitemap using SiteMapDataSource. Example of web.sitemap file: (CODE) Sample code to add to the page menu: (CODE) Running the application, we wi…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…
Loops Section Overview
Suggested Courses
Course of the Month19 days, 9 hours left to enroll

872 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question