I have an ASP.NET Core 2.0 website using the vanilla implementation for authentication/authorization using Identity and cookies (not using OpenID Connect). I have a set of 20 roles, each of which could potentially have hundreds of claims used to permission access to site pages/features (using Authorize to decorate controller methods). I want to be able to control access to these pages/features without recompiling the site every time a change is needed; instead I allow admins to add/remove role claims directly through the site. For some reason I am hitting a ceiling based on the number of claims projected onto the user's identity.
I'm receiving an error:
HTTP Error 400. The size of the request headers is too long
Any idea why I would be receiving this message? What is the best practice to store/access these claims to be used with authorization?
Got the same problem on a Windows server. I had to resort to a registry setting.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters
MaxFieldLength (DWORD) Decimal value 65534
MaxRequestBytes (DWORD) Decimal value 16777216
https://support.microsoft.com/en-ca/help/820129/http-sys-registry-settings-for-windows
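The registry change from the answer above, scripted as an added PowerShell example (not part of the original answer). The function names are hypothetical; the key path and both values are the ones the answer gives.

```powershell
# Added example: inspect and set the two HTTP.sys limits named in the answer.
# Run from an elevated PowerShell session on the affected Windows server.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\HTTP\Parameters'

# Decimal values taken from the answer above.
$desired = [ordered]@{
    MaxFieldLength  = 65534
    MaxRequestBytes = 16777216
}

function Get-HttpSysLimit {
    param([Parameter(Mandatory)][string]$Name)
    # Returns $null when the value is absent (HTTP.sys then uses its built-in default).
    (Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue).$Name
}

function Set-HttpSysLimits {
    [CmdletBinding(SupportsShouldProcess)]
    param([System.Collections.IDictionary]$Limits = $desired)

    if (-not (Test-Path $key)) {
        New-Item -Path $key -Force | Out-Null
    }

    foreach ($name in $Limits.Keys) {
        $before = Get-HttpSysLimit -Name $name
        $target = [int]$Limits[$name]

        # Only write when the stored value differs; -WhatIf previews the change.
        if ($before -ne $target -and
            $PSCmdlet.ShouldProcess("$key\$name", "Set DWORD to $target")) {
            New-ItemProperty -Path $key -Name $name -PropertyType DWord `
                -Value $target -Force | Out-Null
        }

        # Report what was there and what is there now, so the change is auditable.
        [pscustomobject]@{
            Name   = $name
            Before = $before
            After  = Get-HttpSysLimit -Name $name
        }
    }
}

# Preview first, then apply:
#   Set-HttpSysLimits -WhatIf
#   Set-HttpSysLimits
```

Per the linked Microsoft article, the new values take effect only after the HTTP service (and any dependent IIS services) is restarted.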