ASP .Net Core 6 / IIS Server File Upload Restriction ?

Question

ASP .Net Core 6 / IIS Server File Upload Restriction ?

Liyanage, Rangajeewa 25

I’m running a .NET Core 6 web application hosted on IIS 10 on a Windows Server. One of the key features involves uploading Excel files via an <input type="file"> element, which are then saved to the application server.

However, I’ve encountered a puzzling issue: files smaller than 65 KB upload successfully, but larger files consistently fail. I’ve already configured the following settings in web.config to allow larger uploads:

maxAllowedContentLength (set well above the default 30 MB)
maxRequestLength
MaxJsonDeserializerMembers

Despite these configurations, the issue persists. Is there any other setting—either in IIS, ASP.NET Core, or the OS—that could be silently enforcing a lower file size limit and overriding these values?

SurferOnWww 4,951 Reputation points

2025-10-31T02:12:25.6133333+00:00

Please write the error message in detail if available.

I suggest that you read the Microsoft document Upload files in ASP.NET Core. There might be a clue to find the cause of your issue related to 64KB limit.

Liyanage, Rangajeewa 25

error : "Object reference not set to an instance of an object"

Ajax POST

Java Script as follows

 var input = document.getElementById("fileUpload1");
 var files = input.files;
 var formData = new FormData(document.getElementById('form_id'));
 for (var i = 0; i !== files.length; i++) {
     formData.append("files", files[i]);
 }
 $.ajax({
 type: 'POST',
 processData: false,
 contentType: false,
 cache: false,
 enctype: 'multipart/form-data',
 url: "./RealtimeImports?handler=UploadFiles",
 data: **formData**,
 headers: { "RequestVerificationToken": $('input[name="__RequestVerificationToken"]').val() },
 success: function (response) {
     if (response.error==0){}
         else
         {}
 }
 })


Note :
When submitting `formData` to the server, I observed that if the total size of the uploaded files exceeds approximately 65 KB, the `IList<IFormFile> files` parameter is received as `null` on the server side.

SurferOnWww 4,951 Reputation points

2025-10-31T13:28:06.4066667+00:00

Why do you use the JavaScript to upload? Your code does not seem to be correct. Why don't you use the submit type button to submit the form?

Please show minimum but complete code (not only JavaScript but also model, controller and view in case of MVC) which can reproduce your issue.

Liyanage, Rangajeewa 25

This ASP.NET Core Razor Page is designed with multiple postback operations to process form submissions and update content based on user input.

.cshtml (View)

<form class="align-items-sm-center border-1" enctype="multipart/form-data" method="post" onsubmit="return false" id="form_id">
 <input type="file" id="fileUpload1" style="width:465px" size="60" />
.cshtml.cs (Model )
public async Task<ActionResult> OnPostUploadFiles(IList<IFormFile> files)
{
}

Java script

$("#fileUpload1").on("change", function () {
       uploadFiles();
    });
function uploadFiles() {
var input = document.getElementById("fileUpload1");
 var files = input.files;
 var formData = new FormData(document.getElementById('form_id'));
 for (var i = 0; i !== files.length; i++) {
     formData.append("files", files[i]);
 }
 $.ajax({
 type: 'POST',
 processData: false,
 contentType: false,
 cache: false,
 enctype: 'multipart/form-data',
 url: "./RealtimeImports?handler=UploadFiles",
 data: formData,
 headers: { "RequestVerificationToken": $('input[name="__RequestVerificationToken"]').val() },
 success: function (response) {
     if (response.error==0){}
         else
         {}
 }
 })
}

SurferOnWww 4,951 Reputation points

2025-10-31T14:15:48.83+00:00

The above is NOT complete to reproduce your issue. Please show your complete code if you really need help.
Liyanage, Rangajeewa 25 Reputation points

2025-10-31T14:52:48.34+00:00
This application is built using ASP.NET Core Razor Pages, not the traditional ASP.NET Core MVC framework. Unlike MVC, Razor Pages combine the view and controller logic within the same .cshtml file, streamlining page-specific functionality.

Framework: ASP.NET Core Razor Pages

Architecture: Page-centric, with view and controller logic co-located

Client-Side Interaction: JavaScript and AJAX are used extensively to handle asynchronous operations

AJAX POST: For submitting data to the server without full page reloads

AJAX GET: For retrieving data dynamically based on user actions

I’m unable to upload the full code at the moment—sorry about that, and thanks for your help!
Ross Pakk 80 Reputation points

2025-11-02T08:13:17.7166667+00:00
Hey, that’s a pretty common issue with IIS and .NET Core. Even if you’ve updated the limits in web.config, ASP.NET Core doesn’t always pick those up. Try adding this to your Program.cs:

builder.Services.Configure<FormOptions>(options => { options.MultipartBodyLengthLimit = 104857600; // 100 MB });

Also check the Request Filtering settings in IIS — sometimes the maxAllowedContentLength there still caps the size. After updating both, restart the app pool. That usually clears up the upload problem.

Answer accepted by question author

2 additional answers

Your answer

SurferOnWww 4,951 Reputation points

2025-10-31T02:12:25.6133333+00:00

Please write the error message in detail if available.

I suggest that you read the Microsoft document Upload files in ASP.NET Core. There might be a clue to find the cause of your issue related to 64KB limit.
Liyanage, Rangajeewa 25 Reputation points

2025-10-31T12:42:06.1233333+00:00

error : "Object reference not set to an instance of an object"

Ajax POST

Java Script as follows

var input = document.getElementById("fileUpload1"); var files = input.files; var formData = new FormData(document.getElementById('form_id')); for (var i = 0; i !== files.length; i++) { formData.append("files", files[i]); } $.ajax({ type: 'POST', processData: false, contentType: false, cache: false, enctype: 'multipart/form-data', url: "./RealtimeImports?handler=UploadFiles", data: **formData**, headers: { "RequestVerificationToken": $('input[name="__RequestVerificationToken"]').val() }, success: function (response) { if (response.error==0){} else {} } }) Note : When submitting `formData` to the server, I observed that if the total size of the uploaded files exceeds approximately 65 KB, the `IList<IFormFile> files` parameter is received as `null` on the server side.
SurferOnWww 4,951 Reputation points

2025-10-31T13:28:06.4066667+00:00

Why do you use the JavaScript to upload? Your code does not seem to be correct. Why don't you use the submit type button to submit the form?

Please show minimum but complete code (not only JavaScript but also model, controller and view in case of MVC) which can reproduce your issue.
Liyanage, Rangajeewa 25 Reputation points

2025-10-31T13:55:33.6133333+00:00

This ASP.NET Core Razor Page is designed with multiple postback operations to process form submissions and update content based on user input.

.cshtml (View)

<form class="align-items-sm-center border-1" enctype="multipart/form-data" method="post" onsubmit="return false" id="form_id"> <input type="file" id="fileUpload1" style="width:465px" size="60" /> .cshtml.cs (Model ) public async Task<ActionResult> OnPostUploadFiles(IList<IFormFile> files) { }

Java script

$("#fileUpload1").on("change", function () { uploadFiles(); }); function uploadFiles() { var input = document.getElementById("fileUpload1"); var files = input.files; var formData = new FormData(document.getElementById('form_id')); for (var i = 0; i !== files.length; i++) { formData.append("files", files[i]); } $.ajax({ type: 'POST', processData: false, contentType: false, cache: false, enctype: 'multipart/form-data', url: "./RealtimeImports?handler=UploadFiles", data: formData, headers: { "RequestVerificationToken": $('input[name="__RequestVerificationToken"]').val() }, success: function (response) { if (response.error==0){} else {} } }) }
SurferOnWww 4,951 Reputation points

2025-10-31T14:15:48.83+00:00

The above is NOT complete to reproduce your issue. Please show your complete code if you really need help.
Liyanage, Rangajeewa 25 Reputation points

2025-10-31T14:52:48.34+00:00

This application is built using ASP.NET Core Razor Pages, not the traditional ASP.NET Core MVC framework. Unlike MVC, Razor Pages combine the view and controller logic within the same .cshtml file, streamlining page-specific functionality.

Framework: ASP.NET Core Razor Pages

Architecture: Page-centric, with view and controller logic co-located

Client-Side Interaction: JavaScript and AJAX are used extensively to handle asynchronous operations

AJAX POST: For submitting data to the server without full page reloads

AJAX GET: For retrieving data dynamically based on user actions

I’m unable to upload the full code at the moment—sorry about that, and thanks for your help!
Ross Pakk 80 Reputation points

2025-11-02T08:13:17.7166667+00:00

Hey, that’s a pretty common issue with IIS and .NET Core. Even if you’ve updated the limits in web.config, ASP.NET Core doesn’t always pick those up. Try adding this to your Program.cs:

builder.Services.Configure<FormOptions>(options => { options.MultipartBodyLengthLimit = 104857600; // 100 MB });

Also check the Request Filtering settings in IIS — sometimes the maxAllowedContentLength there still caps the size. After updating both, restart the app pool. That usually clears up the upload problem.

Answer 1

SurferOnWww 4,951

error : "Object reference not set to an instance of an object"

When submitting formData to the server, I observed that if the total size of the uploaded files exceeds approximately 65 KB, the IList<IFormFile> files parameter is received as null on the server side.

I’m unable to upload the full code at the moment

If you cannot show the complete code which can reproduce your issue, please investigate by yourself why IList<IFormFile> is null.

First, please investigate if the form data are properly sent from the client to tha server. To do so, please use the Fiddler or equivalent tool to capture the data sent from the client to the server. For example when the following data are sent using ajax,

const form = new FormData();
form.append('my_field', 'my value');
form.append('my_buffer', new Blob([1,2,3]));
form.append('my_file', fileInput.files[0]);

the contents captured by the Fiddler look like below:

enter image description here

Please obtain the captured result by yourself and verify if the data are properly sent.

Liyanage, Rangajeewa 25

Java Script

$("#fileUpload1").on("change", function () {

        var workSheet = $(this).val();    

        uploadFiles();
 });

function uploadFiles() {

var input = document.getElementById("fileUpload1");

var files = input.files;

var formData = new FormData(document.getElementById('form_id'));

    for (var i = 0; i !== files.length; i++) {

        formData.append("files", files[i]);


  

    }

      $.ajax({

        type: 'POST',

        processData: false,

        contentType: false,

        cache: false,

        enctype: 'multipart/form-data',

        url: "./RealtimeImports?handler=UploadFiles",

        data: formData,

        headers: { "RequestVerificationToken": $('input[name="__RequestVerificationToken"]').val() },

        success: function (response) {

            if (response.error==0){

                if (response.fileName!== null)

                {


               

                   $("#ResumeFileName").val(response.fileName );            

                    // Different procedure for get the excel sheet count !

                     getSheets (response.fileName)

                   });


             

                }

                else

                {            

                    alert("No excel file selection....!")

                     $("#workSheet").empty();

                     document.getElementById("uniqueRows").innerText='';

                    return false;

                }


           

            }

            else

            {

                $('#loading').hide();

                alert(response.ErrResult);

                 $("#workSheet").empty();

                  document.getElementById("uniqueRows").innerText='';

                return false;

            }

        }

    });

Liyanage, Rangajeewa 25

Controller

public async Task<ActionResult> OnPostUploadFiles(IList<IFormFile> files)

{

var error = 0;

try

{

    string fileName = null;

    var UploadFileAbsoluteSaveLocation = config["UploadFileAbsoluteSaveLocation"];

    foreach (IFormFile source in files)

    {

        fileName = ContentDispositionHeaderValue.Parse(source.ContentDisposition).FileName.Trim('"');

        fileName = this.EnsureCorrectFilename(fileName);

        await Task.Delay(1000);

        int buffersize = 100000;

        using (FileStream output = System.IO.File.Create(this.GetFullPathOfFile(fileName), buffersize))

            await source.CopyToAsync(output);

    }

var response = new { fileName, error };

    return new JsonResult(response);

}

catch (Exception ex)

{

    error = 1;

    var ErrResult = ex.Message;

    var response = new { ErrResult, error };

    return new JsonResult(response);

    throw;

}

}

Liyanage, Rangajeewa 25 Reputation points

2025-11-03T11:27:56.07+00:00

HTML part

<form class="align-items-sm-center border-1" enctype="multipart/form-data" method="post" onsubmit="return false" id="form_id">

<input type="file" id="fileUpload1" style="width:465px" size="60" />
Liyanage, Rangajeewa 25 Reputation points

2025-11-03T11:46:26.58+00:00

"I hope these code snippets are suitable for your investigation. They include the complete implementations of two functions and the corresponding HTML elements."

SurferOnWww 4,951

I cannot reproduce your issue as long as I have tested your code in my environment as mentioned below. Now only thing I can guess is the MemoryBufferThreshold which is 64KB by default. I will write my guess in detail in my next comment.

my cshtml (The code is almost same as yours)

@page
@model RazorPages2.Pages.UploadModel

@{
    ViewData["Title"] = "Upload";
}

<form class="align-items-sm-center border-1" 
    enctype="multipart/form-data" method="post" 
    onsubmit="return false" id="form_id">

    <input type="file" id="fileUpload1" 
        style="width:465px" size="60" />
</form>

<div id="result"></div>

@section Scripts {
    <script type="text/javascript">
        $("#fileUpload1").on("change", function () {
            uploadFiles();
        });

        function uploadFiles() {
            var input = document.getElementById("fileUpload1");
            var result = document.getElementById("result");
            var files = input.files;
            var formData = new FormData(document.getElementById('form_id'));

            for (var i = 0; i !== files.length; i++) {
                formData.append("files", files[i]);
            }

            $.ajax({
                type: 'POST',
                processData: false,
                contentType: false,
                cache: false,
                enctype: 'multipart/form-data',
                url: "/upload",
                data: formData,
                headers: { "RequestVerificationToken": $('input[name="__RequestVerificationToken"]').val() },
                success: function (response) {
                    result.innerText = response;
                }
            })
        }
    </script>

}

The above code could send the form date to the server properly as shown below:

enter image description here

my cshtml.cs

using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.RazorPages;

namespace RazorPages2.Pages
{
    public class UploadModel : PageModel
    {
        public void OnGet()
        {
        }

        public IActionResult OnPost(IList<IFormFile> files)
        {
            string result;
            IFormFile? postedFile = files[0];
            if (postedFile != null && postedFile.Length > 0)
            {
                string filename = Path.GetFileName(postedFile.FileName);
                result = $"{filename} ({postedFile.ContentType}) - " +
                         $"{postedFile.Length} bytes uploaded";
            }
            else
            {
                result = "upload fail";
            }

            return Content(result);
        }
    }
}

The posted file of more than 65KB could be received as shown below:

enter image description here

SurferOnWww 4,951 Reputation points

2025-11-05T04:28:38.9733333+00:00
The Microsoft document File upload scenarios says "Any single buffered file exceeding 64 KB is moved from memory to a temp file on disk. Temporary files for larger requests are written to the location named in the ASPNETCORE_TEMP environment variable. If ASPNETCORE_TEMP is not defined, the files are written to the current user's temporary folder."

The above mean that the IIS worker process shall have the proper access right to the ASPNETCORE_TEMP or current user's temporary folder if file is larger than 64KB.

I guess that by default the IIS worker process does not have the access right to such folder.

Therefore, first try increasing the value of MemoryBufferThreshold (64KB by default) such like below and uploading the file of more than 64KB and less than 128KB.

services.Configure<FormOptions>(options => { options.MemoryBufferThreshold = 131072; // 128 KB });

If the result is successful, try giving the proper access right to the IIS worker process. Below is the suggestion given by Copilot (not validated):

What Happens with Files >64 KB

When a file exceeds the MemoryBufferThreshold of 64 KB:

ASP.NET Core buffers it to disk.

It writes to the folder specified by the ASPNETCORE_TEMP environment variable.

If ASPNETCORE_TEMP is not set, it defaults to the current user's temp folder — which, under IIS, typically means the temp folder of the application pool identity.

Why This Can Cause Upload Failures

If the app pool identity (e.g., IIS AppPool\MyAppPool) does not have write access to the temp folder being used, buffering fails. This can result in:

Silent upload failures

HTTP 500 errors

Unexpected behavior with no clear error message

How to Fix It

You have two options:

Option 1: Set ASPNETCORE_TEMP to a Custom Writable Folder

(1) Create a folder like C:\MyAppTemp

(2) Grant write permissions to the app pool identity:

Use icacls or folder properties → Security tab

Add IIS AppPool\YourAppPoolName with Modify rights

(3) Set the environment variable:

[System.Environment]::SetEnvironmentVariable("ASPNETCORE_TEMP", "C:\MyAppTemp", "Machine")

(4) Restart IIS

Option 2: Grant Access to Default Temp Folder

Identify the default temp folder (e.g., C:\Windows\Temp)

Grant write access to the app pool identity. Be cautious: this folder is shared by many processes, so a dedicated folder is safer

How to Confirm

You can log the temp path used by ASP.NET Core:

var tempPath = Path.GetTempPath(); _logger.LogInformation($"Temp path: {tempPath}");
Liyanage, Rangajeewa 25 Reputation points

2025-11-05T11:10:52+00:00

Here is the missing configuration section for Program.cs. I really appreciate your help—it's working now!

services.Configure<FormOptions>(options =>

{ options.MemoryBufferThreshold = 131072; // 128 KB

});

Answer 2

Bruce (SqlWork.com) 82,061 Volunteer Moderator

.net core 6 (out of support) does not honor any web.config settings. the hosting module does, but the only relevant setting is the request timeout:

https://learn.microsoft.com/en-us/aspnet/core/host-and-deploy/iis/web-config?view=aspnetcore-9.0

for asp.net core, you configure hosting setting in code.

https://learn.microsoft.com/en-us/aspnet/core/fundamentals/servers/kestrel/options?view=aspnetcore-9.0

Answer 3

Hi,

A hard cutoff around 64–65 KB almost means maxAllowedContentLength isn't the issue ( as its default is ~30 MB). That tiny ceiling typically points to one of these two causes:

IIS pre‑read buffer too small (uploadReadAheadSize, default 48 KB).
A code or attribute limit set to 65536 bytes (MaxRequestBodySize = 65536 or [RequestSizeLimit(65536)]), or reduced multipart limits.

Try these steps:

Confirm placement: show just the <system.webServer> block with requestLimits.
Search your codebase for any 64 KB cap: RequestSizeLimit, MaxRequestBodySize, MultipartBodyLengthLimit, 65536. Remove or raise if found.

If no code limit found, add a diagnostic uploadReadAheadSize (keep it modest):


	<system.webServer>

		<security>

			<requestFiltering>

				<requestLimits maxAllowedContentLength="104857600" />

			</requestFiltering>

		</security>

		<serverRuntime uploadReadAheadSize="1048576" /> <!-- 1 MB test -->

	</system.webServer>

Ensure you’re using a plain multipart/form-data upload (not Base64 in JSON).
Retest a >70 KB file; if it now succeeds, keep a reasonable buffer (256 KB–1 MB). If it still fails, grab the IIS log entry (status/substatus) so we can see if a module or proxy is terminating early.

I suggest also take a look at these documentation:

Request filtering / maxAllowedContentLength: Configure request filtering in IIS
Pre‑read buffer (uploadReadAheadSize): <serverRuntime>
uploadReadAheadSize : uploadReadAheadSize
RequestLimits element reference: requestLimits Element

If after these checks the limit persists, next suspects are a security/WAF module or a reverse proxy in front of IIS—share the IIS module list and the exact status code.

Let me know the result if the problem still persists. I hope this helps.

Liyanage, Rangajeewa 25 Reputation points

2025-11-03T13:28:36.9933333+00:00

I've tried all the suggestions above, including checking the Windows Firewall settings (firewall is off). Unfortunately, it's still not working.

Share via

ASP .Net Core 6 / IIS Server File Upload Restriction ?

2 additional answers

Your answer