Bad Request - Request Too Long, HTTP Error 400. The size of the request is too long. #59771
Comments
dotnet-issue-labeler
bot
added
the
needs-area-label
|
.NET 5 has been out of support since May 2022 - you should upgrade to .NET 8 or 9 and see if your issue is resolved. |
|
@martincostello its an large application it can't be moved immediately to newer versions. But it would be great to get any support on this. |
|
That may be true, but officially you've been out support for over 2 and a half years and are missing lots of important security patches as a consequence. |
|
Does this mean I will not get any support for this? |
|
I'll leave the ASP.NET Core team to answer that (I just help triage issues), but from the .NET and .NET Core Support Policy:
|
|
how to tag ASP.NET Core team? |
|
They'll see this issue. |
|
@martincostello thanks! |
|
@blowdart / @analogrelay can you plz help here. |
|
Nope, I'll leave it to the aspnet team But as the security PM I will point out, as has already been mentioned, you are long outside .NET 5's support lifetime and haven't been getting security updates for a concerning amount of time. Expecting to get such a large amount of group claims from AAD/Entra is what is causing the problem and it's a limitation of Entra. It's why you have the ability in Entra to limit the group / claim information to the groups that directly apply to your application. Wanting such a large amount indicates an architecture problem rather than an aspnet problem IMO. You could use claims enhancement to make a call to the AAD user information endpoint to supplement the role claim if you feel you need such a large authentication ticket. Our policy is that in order to get support you must update to a supported runtime. |
|
@blowdart I'm not expecting nor even configured token configuration in Azure App Registration to return any AD groups or roles as a claim, I don't need any such claims. The only issue is that by default the roles claims is added http://schemas.microsoft.com/ws/2008/06/identity/claims/role and these roles is in large. I don't need these claim and it is all adding by default and creating unwanted cookies and increasing its size and getting a trouble with Request header size is too large. |
Is there an existing issue for this?
Describe the bug
I have an ASP.NET Core MVC 5 web application where I have implemented Azure AD SSO. I am trying to login with company account and soon after the authentication a white page appears with Bad Request - Request Too Long message.
When I checked the cookies there are cookies stored under developer tools Chrome under Application tab I found 4 chunks of cookies of size 4008 and one of 27.
I have around 95 Azure App Registrations App roles which has been mapped to user. And the few roles is coming as a claim around 35-40 roles and If I increased map of more app roles to user from Enterprise Application then above error start coming.
What I understand and observed is that If I map up to 35/40 app roles from Azure Enterprise Application to a user then all works good, and when I mapped more app roles says after 40 then the error start coming up.
In my startup.cs file, I'm using
services.AddMicrosoftIdentityWebAuthentication(Configuration).EnableTokenAcquistionToCallDownstreamApi().AddInMemoryTokenCaches();
Troubleshooting Steps which I followed before coming here:
Expected Behavior
The authentication should be passed and page should be rendered.
Steps To Reproduce
Build a sample application ASP.NET Core MVC 5 and implement Azure AD SSO with above code in startup.cs file for Auth and mapped 100 app roles to a user and try to sign it.
Exceptions (if any)
No response
.NET Version
5.0
Anything else?
VS 2022
The text was updated successfully, but these errors were encountered: