I am wanting to host a .NET Core app on IIS that uses authentication through Azure Active Directory. Right now I have the basic site setup that comes from completing the new project wizard in VS and it works great locally. However, when I deploy the project to IIS and try to open the page it seems to get stuck in an endless loop redirecting to the Microsoft login page that ultimately ends up in a:

Bad Request - Request Too Long

HTTP Error 400. The size of the request headers is too long.

Any idea what I am missing?

Warlord 099
  • Have you checked the replies in this similar [thread](http://stackoverflow.com/questions/14778910/bad-request-request-too-long-http-error-400-the-size-of-the-request-headers-i)? – Bruce Chen Nov 01 '16 at 08:22
  • @Bruce-MSFT I do believe it to be some sort of a cookie issue, but I have a hard time believing it is a result of "too many user groups"... It doesn't even work with a user that is only in one group. – Warlord 099 Nov 01 '16 at 20:15
  • What does your error handling and auth handling look like? It sounds like you may have an Authorize Attribute on the "Unauthorized" action... or whatever action you use for that. So therefore an Unauthorized response or error response will send you back to the middleware and the middleware will send back to the login then fail then start the whole process over again. – Patrick Mcvay Nov 21 '16 at 16:07
  • @PatrickMcvay Well... I really don't have a good grasp on any of this. I am just getting started on using AAD authentication. I literally just have what comes out of the box when setting up a new project which doesn't seem to work once deployed. – Warlord 099 Nov 22 '16 at 22:07
  • @Warlord 099 http://stackoverflow.com/a/40728317/6158454 Check out this post. It was actually my post that I answered, but I put the entire startup and a custom cache out there. Now granted this is for talking back and forward with the Microsoft Graph API, but all of the auth is still going to be the same. Just leave out the policy adding on the services.AddMvc() and I know that auth works. Also, another thing I would try is just put [AllowAnonymous] above all of your controllers and see if that stops that endless loop – Patrick Mcvay Nov 22 '16 at 22:32
  • Also, how are you deploying to IIS? And what server OS are you using? – Patrick Mcvay Nov 22 '16 at 22:37
  • @PatrickMcvay I believe you were correct about the Authorize Attribute on the Unauthorized action. I have an Authorize attribute on my main controller so when I try to go to my index page it constantly redirects. If I set up an un-authorized controller with a sign-in method and run it before my index page it works fine. Not sure why this fails on IIS but not when it is run locally, but thanks for steering me in the right direction. – Warlord 099 Nov 22 '16 at 22:42
  • As for the once deployed it errors out thing... Check in your Startup Constructor, should be the first one in the startup class, by default I believe it only adds user secrets in development. So, if your client secret is being stored in user secrets, then that could very well be the problem. Now, it isn't recommended to use the User Secrets in Production but you can just to see if that solves your problem. – Patrick Mcvay Nov 23 '16 at 16:03
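
The arrangement the comments above converge on, as an added example that is not code from the original thread: the protected controller keeps `[Authorize]`, while the sign-in and access-denied actions are anonymous so that reaching them can never trigger another challenge. The controller and action names are assumptions, and cookie plus OpenID Connect authentication is assumed to be registered in `Startup` already.

```csharp
// Added illustration; controller and action names are assumptions, not the asker's code.
// Assumes cookie + OpenID Connect authentication are already registered in Startup.
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

[Authorize] // every action in this controller requires a signed-in user
public class HomeController : Controller
{
    public IActionResult Index() => Content("Signed in as " + User.Identity?.Name);
}

public class AccountController : Controller
{
    // Must be reachable without a session; if it required authorization,
    // requesting it would issue another challenge and the browser would
    // bounce between the app and the login page.
    [AllowAnonymous]
    public IActionResult SignIn()
    {
        // Already authenticated: do not challenge again, go to the protected page.
        if (User.Identity?.IsAuthenticated == true)
            return RedirectToAction("Index", "Home");

        // Hand off to the OpenID Connect middleware, which redirects to Azure AD.
        return Challenge(OpenIdConnectDefaults.AuthenticationScheme);
    }

    // The page shown when access is refused must also be anonymous,
    // otherwise the refusal itself restarts the sign-in flow.
    [AllowAnonymous]
    public IActionResult AccessDenied() =>
        Content("You do not have access to this page.");
}
```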

1 Answer

Ensure that you have proper Reply URLs set up. Go here:

Open your app in Azure portal

And add reply URL:


Dawid Rutkowski
  • Good suggestion, but yes I have the reply url set up. If you don't you end up with a different error: The reply address '[address]' does not match the reply addresses configured for the application – Warlord 099 Nov 02 '16 at 13:32