ASP.NET Core app hosted on IIS and authorized via ADFS produces "Request header field is too long"

Question

I have some ASP.NET core application which hosts on IIS and uses authorization strategy throught ADFS server. When it hosts the ASP.NET core app as self hosted app (Kestrel) it works good but when it hosts on IIS then it produces the "HTTP Error 400. A request header field is too long." error.

Any ideas about the solutions except which I've tried before? Here is my cookies screen. Yes its not small but it's not a huge size and I have no idea why IIS doesn't accepts it. Application cookies FROM ADFS

The solutions which I've googled and tried but it DOESN'T works.

• Increase MaxFieldLength and MaxRequestBytes to it's possible maximal values
• Icrease maxRequestLength in web.config

Answer 1

From this article:

This issue may occur if the user is a member of many Active Directory user groups.

The HTTP request to the server contains the Kerberos token in the WWW-Authenticate header. The header size increases together with the number of user groups. If the HTTP header or packet size increases past the limits that are configured on the server, the server may reject the request and send an error message as the response.

I suggest you could follow the article's solution to try to calculate the right request size and then modify your server's registry entry to increase the MaxFieldLength and MaxRequestBytes.