Alan Smith has created a great resource called "The Bloggers Guide to BizTalk". He created a help file (.chm file) where he has incorporated some great content from many of the BizTalk Bloggers. These include:
Kevin B Smith
The Bloggers Guide to BizTalk is a free resource and can be downloaded from the GotDotNet Workspace
We all are aware about canonicalization issues with ASP.NET and know that the ASP.NET team is continuing to work on this problem. I my past posts, I had posted one of the options suggested by Microsoft to get rid of it.
One of te options is to add code to global.asax.
To use this option, add one of the following code samples to global.asax:
Global.asax code sample (Visual Basic .NET)
Sub Application_BeginRequest(Sender as Object, E as EventArgs)
If (Request.Path.IndexOf(chr(92)) >= 0 OR _
System.IO.Path.GetFullPath(Request.PhysicalPath) <> Request.PhysicalPath) Then
Throw New HttpException(404, "Not Found")
Global.asax code sample (C#)
void Application_BeginRequest(object source, EventArgs e)
if (Request.Path.IndexOf('\\') >= 0 ||
System.IO.Path.GetFullPath(Request.PhysicalPath) != Request.PhysicalPath)
throw new HttpException(404, "not found");
Another option is to install the HTTP Handler
Microsoft has released an ASP.NET HTTP module that Web site administrators can apply to their Web server. This module will protect all ASP.NET applications against all potential canonicalization problems known to Microsoft.
You can download VPModule.msi at
I received a mail from somebody saying that he was having an ASP app that uses VB6 component to upload files to a server. He has recently migrated to IIS6 and now if he tries to upload a file bigger than ~300k it returns an unspecified error.
I just recalled: AspMaxRequestEntityAllowed. The AspMaxRequestEntityAllowed property specifies the maximum number of bytes allowed in the entity body of an ASP request. If a Content-Length header is present and specifies an amount of data greater than the value of AspMaxRequestEntityAllowed, IIS returns a 403 error response. This property is related in function to MaxRequestEntityAllowed, but is specific to ASP request. Whereas you might set the MaxRequestEntityAllowed property to 1 MB at the general World Wide Web Publishing Service (WWW Service) level, you may choose to set AspMaxRequestEntityAllowed to a lower value, if you know that your specific ASP applications handle a smaller amount of data.
Programmatically check for canonicalization issues with ASP.NET
What You Should Know About a Reported Vulnerability in Microsoft ASP.NET...
http://www.microsoft.com/security/incident/aspnet.mspx published on 10/6/2004
Microsoft KB article: http://support.microsoft.com/?kbid=887459 published on 10/5/2004