0

I have a website written using C# on the top of ASP.NET MVC 5 framework. I used Microsoft.Owin.Security.OpenIdConnect project to enable OpenID authentication on my website.

When the I click on "OpenIDConnect" to login using the OpenID server, the authentication works. But when the user is redirected to the ~/ page, I get HTTP Error 400.

Bad Request - Request Too Long HTTP Error 400. The size of the request headers is too long.

The issue seems to happens due to having too many claims. Large amount of claims cause the cookie to be large in size.

In my project I have added the following in the Web.config

<system.web>
  <httpRuntime targetFramework="4.7.2" maxQueryStringLength="20000" maxRequestLength="100000000" />
</system.web>
<system.webServer>
  <security>
    <requestFiltering>
      <requestLimits maxAllowedContentLength="100000000" maxQueryString="20000" maxUrl="20000">
      </requestLimits>
      <hiddenSegments>
      </hiddenSegments>
    </requestFiltering>
  </security>
</system.webServer>

Still get the ERROR HTTP 400. How can I fix this issue?

The Build Action is set to Content for the Web.config file.

enter image description here

Is there a setting specific to the length of the cookies? How can I fix this issue?

Jay
  • 1,168
  • 13
  • 41
  • You might find some relief from this post: https://stackoverflow.com/questions/37112367/size-of-the-request-headers-is-too-long -- some upvoted answers involve clearing duplicated cookies. – David Tansey Jun 07 '23 at 00:16
  • you can reduce the size of the cookies by adding a session store, see this page about the session store https://www.red-gate.com/simple-talk/development/dotnet-development/using-auth-cookies-in-asp-net-core/ – Tore Nestenius Jun 07 '23 at 06:12
  • Please try clearing your browser cache completely, and clearing your browser cookies, restarting your browser and trying again. – YurongDai Jun 07 '23 at 08:45

0 Answers0