Search code examples
vb.netiisbrowsercross-browserinternet-explorer-11

VB .NET Third-Party Extra-Long URL in IE11

I work on a VB .NET web app. The project targets .NET 4.0 and runs in IIS.

We have an interface with a third-party app. We are using SAML to display their information within our site. They require that the request URL is their base URL plus a query string that is always around 7,500 - 8,000 characters.

This works fine in Chrome but in IE11 the URL gets cut off just over 4,000 characters. I can see it in Fiddler going out like that, so the third-party is not responsible for this truncation.

Unfortunately we are required to support both IE11 and Chrome. We do NOT have to support any other browsers, including earlier versions of IE. The SAML response gets added to the URL like so:

Dim samlResponseStr As String = samlResponse.ToString()
Dim bytesToEncode() As Byte = Encoding.UTF8.GetBytes(samlResponseStr)
Dim encodedData As String = Convert.ToBase64String(bytesToEncode)

Dim strUrl As String = "https://training.com/SSO/NS/SAMLPatientDisplay.aspx?SAMLResponse=" & Server.UrlEncode(encodedData)

At this point, of course, strUrl is identical regardless of which browser I'm using.

I've added the following to my web.config:

<system.webServer>
    <security>
        <requestFiltering>
            <requestLimits maxQueryString="100000" maxUrl="12288" />
        </requestFiltering>
    </security>
</system.webServer>

No matter what it gets cut off at the same point.

Is there a way to force IE11 to allow this URL to go out as-is?

Thanks!

Edited to add: Alternately, is there a way to shorten the URL within the code? These are one-time URLs which are not valid beyond the initial request, so there's no need to store them long-term.

Edited again: I don't need to display the URL anywhere - it does not need to appear in the address bar or be bookmarked or anything. This seems to indicate that longer URLs are possible in IE in some circumstances: https://blogs.msdn.microsoft.com/ieinternals/2014/08/13/url-length-limits/ But I haven't been able to find any more detail on that.

Solution

  • I was able to get it working by doing:

    Dim samlResponseStr As String = samlResponse.ToString()
Dim bytesToEncode() As Byte = Encoding.UTF8.GetBytes(samlResponseStr)
Dim encodedData As String = Convert.ToBase64String(bytesToEncode)

Dim strUrl As String = "https://training.com/SSO/NS/SAMLPatientDisplay.aspx?SAMLResponse=" & Server.UrlEncode(encodedData)
Response.Redirect(strUrl)

    I then had a problem because Response.Redirect executes before any client-side code. I created a second .aspx page for display only. All code EXCEPT the Response.Redirect happens on my original page and then the URL is sent to the new page for display.

    This works in IE11, Chrome, Firefox, and Edge.