response 400 when running Out of Process only

[omuleanu]

Describe the bug

I'm using a tool to test my website and I'm getting error 400 when running Out Of Process

To Reproduce

Create a new ASP.net Core MVC Application (or use an existing) in VS project properties select Launch: IIS, Hosting Mode: Out Of Process [open port 80 on your router] open https://view.hugo-decoded.be and paste the url towards your app select user-agent: "Google Smartphone bot" click "View"

the response will be 400 when using InProcess 200

Further technical details

ASP.NET Core version 3.1 or 5 VS2019

[Tratcher]

Can you provide a network capture of the failure, along with ASP.NET Core server logs and IIS failed request tracing logs?

[omuleanu]

@Tratcher using "Charles Proxy" and Fiddler, requests from that website have code 200, even though on the site it shows as 400, My failed requests logs folder stays empty (inetpub\logs\FailedReqLogFiles) By ASP.net Core server logs, do you mean windows event viewer -> Windows logs ?

[Tratcher]

https://docs.microsoft.com/en-us/aspnet/core/fundamentals/logging/?view=aspnetcore-5.0#configure-logging

Can you try wireshark?

[omuleanu]

@Tratcher I've added elmah, it doesn't show any errors,

I can see the 400 Bad request in wireshark, followed by 2 200 OK

3 get HTTP/1.1 requests, first gets 400, 2nd and 3rd gets 200 OK

[omuleanu]

when running InProcess all 3 get requests get 200 OK

[Tratcher]

Can you share the wireshark trace either here or e-mail it to me at the address in my profile?

[omuleanu]

@Tratcher sent it to your e-mail, zip with 2 .pcapng files for failed and success

[Tratcher]

The bad request has the following header:

User-Agent: Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/W.X.Y.Z‡ Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)\r\n

Notice the Unicode value ‡ encoded as UTF-8 E2 80 A1. The successful requests don't have this.

IIS out-of-proc has known encoding issues with non-ascii characters in request headers since they are decoded by IIS (correctly), encoded by WinHttp (incorrectly), and then decoded again by Kestrel (failure).

Is there a reason you're still using out-of-proc? In-proc is the recommended model now.

[omuleanu]

On asp.net shared hosting I get 1 app pool for all the websites (domain and subdomains) and if I use InProcess with AspNetCoreModuleV2 (in web.config) I get this error:

HTTP Error 500.35 - ANCM Multiple In-Process Applications in same Process

I can leave it with InProcess but I have to remove the V2 to make it work, and I think this way that tool also gives 400.

I should probably switch to something like azure or ec2, last time I experimented I was getting way better (less) network latency (across the globe) from the shared hosting provider server.

[BrennanConroy]

We recommend switching to In-proc.

As a workaround you could either change the test tool to not have a weird user-agent, or you could try writing an IIS rewrite rule that sanitizes the user-agent.

[omuleanu]

@BrennanConroy it's not my tool, I just wanted to let you know, thought it might be some bug

[ghost]

This issue has been resolved and has not had any activity for 1 day. It will be closed for housekeeping purposes.

See our Issue Management Policies for more information.