Typically, the default server configuration does not allow uploading files with HTML5/Flash Uploader. This topic describes how to properly configure the server on which you are going to deploy HTML5/Flash Uploader.

Disabling Request Validation

ASP.NET automatically validates each request and rejects it if it contains potentially dangerous fields. However, HTML5/Flash Uploader sends file data in text fields (instead of binary ones) due to Adobe Flash Player limitations. IIS may treat this behavior as potentially dangerous and, thus, you can get the following error during the upload:

A potentially dangerous Request.Form value was detected from the client

In this case, disable request validation on the page that processes the upload request. The directive applies to that page only, so the other pages of the site keep request validation:

<%@ Page Language="C#" ValidateRequest="false" %>

Configuring Permissions

The folder where you are going to save files should have modify permissions. Depending on your operating system, they can be set in one of the following ways:

  • On Windows NT/2000/XP you should grant the modify permission to the Internet guest user (IUSR_<machinename>).
  • On Windows 2003 Server you should grant the modify permission to the NETWORK SERVICE group.
  • On Windows Vista/2008 Server/7 you should grant the modify permission to the account your site application pool is running under, Network Service by default.

Configuring Maximum POST Request Length

A maximum POST request length is usually specified to reduce the risk of DoS attacks. If the request size exceeds this value, the request is considered malicious and the upload fails.

If you are going to upload files larger than the default limit, increase it.

For IIS 7:

  1. Go to C:\Windows\System32\inetsrv\config\applicationHost.config and change

    <section name="requestFiltering" overrideModeDefault="Deny" />

     to

    <section name="requestFiltering" overrideModeDefault="Allow" />
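  2. Add to your application web.config the following sections. The requestLimits element belongs inside system.webServer/security/requestFiltering, and the httpRuntime element belongs inside system.web:

    <requestLimits maxAllowedContentLength="2147482624" /> <!-- in bytes -->

    <httpRuntime maxRequestLength="2097151"/> <!-- in kilobytes -->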

For IIS 6:

Add to your application web.config the following section:


    <httpRuntime maxRequestLength="2097151"/> <!-- in kilobytes -->
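
The two limits above use different units, and because both apply to a request, the smaller one decides when an upload is rejected. The following audit script is an added example, not part of the original Uploader documentation: it reads a web.config, converts both settings to bytes and reports the effective limit and any mismatch. The sample document is constructed, the function names are hypothetical, and the fallback values are the stock IIS 7 and ASP.NET defaults (30000000 bytes and 4096 KB).

```python
import xml.etree.ElementTree as ET

IIS_DEFAULT_BYTES = 30_000_000  # stock maxAllowedContentLength (bytes)
ASPNET_DEFAULT_KB = 4096        # stock maxRequestLength (kilobytes)

# Constructed sample: this page's two settings inside their parent sections.
SAMPLE = """<configuration>
  <system.web>
    <httpRuntime maxRequestLength="2097151"/>
  </system.web>
  <system.webServer><security><requestFiltering>
    <requestLimits maxAllowedContentLength="2147482624"/>
  </requestFiltering></security></system.webServer>
</configuration>"""

def _descend(node, *tags):
    """Follow a chain of child element names; None if any step is missing."""
    for tag in tags:
        node = next((c for c in node if c.tag == tag), None)
        if node is None:
            return None
    return node

def post_limits(xml_text):
    """Return (iis_bytes, aspnet_bytes, effective_bytes) for a web.config."""
    root = ET.fromstring(xml_text)
    iis = _descend(root, "system.webServer", "security", "requestFiltering", "requestLimits")
    asp = _descend(root, "system.web", "httpRuntime")
    iis_bytes = int(iis.get("maxAllowedContentLength", IIS_DEFAULT_BYTES)) if iis is not None else IIS_DEFAULT_BYTES
    asp_kb = int(asp.get("maxRequestLength", ASPNET_DEFAULT_KB)) if asp is not None else ASPNET_DEFAULT_KB
    return iis_bytes, asp_kb * 1024, min(iis_bytes, asp_kb * 1024)  # httpRuntime counts KB

def audit(xml_text, largest_expected_upload):
    """List findings: mismatched limits, or a limit above the real need."""
    iis_bytes, asp_bytes, effective = post_limits(xml_text)
    findings = []
    if iis_bytes != asp_bytes:
        findings.append("mismatch: IIS=%d B, ASP.NET=%d B, effective=%d B" % (iis_bytes, asp_bytes, effective))
    if effective > largest_expected_upload:
        findings.append("limit %d B exceeds expected maximum %d B" % (effective, largest_expected_upload))
    return findings

if __name__ == "__main__":
    print(post_limits(SAMPLE))
    print(audit(SAMPLE, 200 * 1024 * 1024))
```

The second argument of audit is the largest upload the site actually needs, in bytes; a finding means the configured ceiling is higher than that and can be lowered.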

Configuring Control to Support Medium Trust Level

.NET Trust Level in IIS specifies the level of code access security for ASP.NET applications. By default, HTML5/Flash Uploader works under the full trust level. However, if you create a website with the medium trust level on your server, you should configure HTML5/Flash Uploader to support this level as well. To do this, set the MediumTrustCompatibility property to true, as the snippet below shows:


<aur:ImageUploaderFlash ID="ImageUploaderFlash1" runat="server" MediumTrustCompatibility="true" />

Setting the MediumTrustCompatibility property to true requires the application pool to run a single worker process. To do this, run IIS Manager, choose the application pool under which your website works, click Advanced Settings in the Actions panel, and set Maximum Worker Processes to 1.

If you do not know which application pool is used by your website, choose this website in the Connections panel of IIS Manager, open Basic Settings... in the Actions panel, and find Application pool in the opened dialog.