IIS Header too long

Question

I use a lot of claims and store them in token. I encountered this error before only in swagger, and clearing cache always worked for me. However, now I see this error in production environment. Current "Authorization" header that is giving this error is ~16kb. I tried to increase "Authorization" header size in IIS, added these to web.config

<system.web>
        <httpRuntime maxRequestLength="500000000"  executionTimeout="120" />
    </system.web>
  <location path="." inheritInChildApplications="false">
    <system.webServer>
<security>
          <requestFiltering>
            <requestLimits maxAllowedContentLength="500000000" />
          </requestFiltering>
        </security>

and added tried increasing limit in Kestrel:

public static IWebHostBuilder CreateWebHostBuilder(string[] args) =>
            WebHost.CreateDefaultBuilder(args)
                .UseStartup<Startup>()
            .ConfigureKestrel((context, options) =>
            {
                options.Limits.MaxRequestHeadersTotalSize = 1048576;
            });
    }

None of the above helped. I didn't find other solutions, what else can be done here?

Answer 1

As Lex Li said.
According to the MSDN,
https://support.microsoft.com/en-us/help/820129/http-sys-registry-settings-for-windows
We could try to set up the MaxRequestBytes property in the below Registration location.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters

If the property doesn’t exist, create and set up it.

The registry takes high priority as the driver is the entry point of packets. It is also a server-wide setting for all incoming HTTP packets.

Please refer to the below thread.
Do web.config header size limits override http.sys limits in the registry?
https://serverfault.com/questions/417113/iis-6-header-too-big-how-to-tune-this-iis-setting
How to increase size limit for HTTP header value in request for Azure IIS?