0

After the completion of about 40-45 APIs, the size of the authorization token is around 40 kb. And now after login whenever any request is being sent to the server it gives an error of "Bad Request, Header too long.

enter image description here

For Kestrel Server the blow code has been solved the error -

webBuilder.ConfigureKestrel(options =>
{
options.Limits.MaxRequestHeadersTotalSize = 1048576;
})

But for IIS Server I haven't got any kind of solution The solution I have tried is

  1. Increased the RequestLimit from web.config file.

  2. Add the MaxFieldLength and MaxRequestBytes in HKEY_LOCAL_MACHINE/System/CurrentControlSet/Services/HTTP/Parameters

  3. Add the below code in ConfigureServices method

    services.Configure(options => { options.AutomaticAuthentication = true; options.ForwardWindowsAuthentication = true; });

and many more tries but not got the final solution. Please help if anyone can...

m4n0
  • 29,823
  • 27
  • 76
  • 89
Pravin Jaiswal
  • 1
  • 1
  • maybe this can help?: https://stackoverflow.com/questions/3853767/maximum-request-length-exceeded/3853785#3853785 – Daniel Stackenland Aug 20 '21 at 13:07
  • Tried all the codes related to web.config attached in https://stackoverflow.com/questions/3853767/maximum-request-length-exceeded/3853785#3853785 Not worked – Pravin Jaiswal Aug 20 '21 at 13:32
  • You mean you have an `aud` claim with a list of 40+ audience URLs ? In any case, you should REALLY reconsider what you are doing. Such token should not exist. – Spomky-Labs Aug 22 '21 at 05:34

1 Answers1

0

Take a look on this link here: https://learn.microsoft.com/el-GR/troubleshoot/iis/httpsys-registry-windows

There are some registry settings, that limit IIS maxLenght. Depending on your IIS version, this could vary. They keys you should look for probably are:

MaxFieldLength (per header size) MaxRequestBytes (total size of request)

MKougiouris
  • 2,821
  • 1
  • 16
  • 19