79750836

Date: 2025-08-29 23:08:44
Score: 1
Natty:
Report link

When you enable Windows Authentication in IIS, the client must first authenticate before the request body is read.

If your request body is too large (bigger than IIS’s maxAllowedContentLength), IIS rejects it before authentication completes.

Because of that, instead of giving you a clean HTTP 413 Payload Too Large or 404.13 Content Length Too Large, the client sometimes sees a Windows auth challenge popup (because IIS re-challenges authentication when it can’t properly process the request).

Solution, In web.config (IIS limit in bytes):

<system.webServer>
    <security>
        <requestFiltering>
            <requestLimits maxAllowedContentLength="10485760" /> <!-- 10 MB, add more to fix the issue -->
        </requestFiltering>
    </security>
</system.webServer>
Reasons:
  • Long answer (-0.5):
  • Has code block (-0.5):
  • Self-answer (0.5):
  • Starts with a question (0.5): When you
  • Low reputation (1):
Posted by: ZZZUnbanned