
Azure AD B2C: Bad Request - Request Too Long HTTP Error 400. The size of the request headers is too long. After login

I know a similar question was already asked earlier on Stack Overflow, but it didn't work for me. Kindly read the entire question before answering/commenting.

I have implemented AD B2C in two web applications; all were working fine until last week. Now, all of a sudden, we are getting

Bad Request - Request Too Long HTTP Error 400. The size of the request headers is too long.

when the user tries to log in to the website. Since my website requires every user to be logged in, it has blocked us completely.

My web apps are also not working in an incognito/InPrivate window. Browsers: Chrome, Firefox and Edge.

When I open the application in Chrome (not incognito) after deleting all the history, I can see there are around 160+ cookies from the web app URL.

Yes, too many cookies seem to be killing my web app, but it's happening even after deleting all the browser history and in private browsing too.

I have even reduced the claims attributes to 3, suspecting that more claims attributes might be increasing the header size.

I have tried this too but in vain.

Bottom line: deleting cookies and reducing claims are both not working for us, and we are blocked. Thanks in advance.

Ankit Kumar asked Apr 26 '18 10:04




1 Answer

I got this fixed after raising a ticket with Microsoft Support team.

Cause: There is a well-known issue with the OWIN middleware where it doesn't set the authentication cookie and we end up in a login loop. I was using an older version of OWIN.

Resolution: OWIN Version 3.1.0.0 has integrated the fix in terms of a cookie manager.

NOTE: In spite of using the fix, we can run into issues if we have a custom SESSIONSTATE handler being used in the application. In STARTUP.AUTH.CS, we will need to make the following changes:

Old:

app.UseCookieAuthentication(new CookieAuthenticationOptions{});

New:

app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    AuthenticationType = "Cookies",
    // Write cookies through System.Web's cookie collection so they are not lost
    CookieManager = new Microsoft.Owin.Host.SystemWeb.SystemWebChunkingCookieManager()
});

Below is the question discussing the same:

Second sign-in causes infinite redirect loop after the first successful login MVC .NET 5 OWIN ADAL OpenIDConnect

Hope this helps others.
Happy Coding.

Ankit Kumar answered Oct 18 '22 21:10
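
To confirm which cookies are inflating the request during the login loop described in this thread, the following added example (not code from the question, the answer or Microsoft) audits a captured `Cookie` request header and ranks cookie families by size. The 16384-byte limit, the suffix-grouping heuristic and the sample cookie names and sizes are assumptions constructed for illustration; substitute a header copied from your browser's developer tools and your server's configured limit.

```python
from collections import defaultdict

# Assumption: 16384 bytes, the commonly cited HTTP.sys default per-header
# limit; substitute the value configured on your server.
HEADER_LIMIT_BYTES = 16 * 1024


def cookie_family(name, min_random_len=16):
    """Heuristic: drop a long final dot-segment (per-request random suffix)."""
    head, dot, tail = name.rpartition(".")
    return head if dot and head and len(tail) >= min_random_len else name


def audit_cookie_header(header_value, limit=HEADER_LIMIT_BYTES):
    """Summarise one Cookie request header: total size and bytes per family."""
    families = defaultdict(lambda: {"count": 0, "bytes": 0})
    for pair in header_value.split(";"):
        pair = pair.strip()
        if not pair:
            continue
        name, _, _value = pair.partition("=")
        entry = families[cookie_family(name)]
        entry["count"] += 1
        entry["bytes"] += len(pair.encode("utf-8")) + 2  # "; " separator
    total = len(header_value.encode("utf-8"))
    ranked = sorted(families.items(), key=lambda kv: kv[1]["bytes"], reverse=True)
    return {
        "total_bytes": total,
        "over_limit": total > limit,
        "cookie_count": sum(f["count"] for _, f in ranked),
        "families": ranked,
    }


def build_sample_header(stale=160):
    """Constructed sample: one session cookie plus `stale` leftover cookies."""
    cookies = [".AspNet.Cookies=" + "A" * 1200]
    cookies += ["OpenIdConnect.nonce.%032x=%s" % (i, "N" * 100) for i in range(stale)]
    return "; ".join(cookies)


if __name__ == "__main__":
    report = audit_cookie_header(build_sample_header())
    print(report["total_bytes"], "bytes,", report["cookie_count"], "cookies,",
          "OVER LIMIT" if report["over_limit"] else "ok")
    for family, stats in report["families"]:
        print("  %-24s count=%-4d bytes=%d" % (family, stats["count"], stats["bytes"]))
```

A single family with a three-digit count, as in the constructed sample, points at cookies left behind by repeated sign-in attempts rather than at the size of the claims in the session cookie.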