When a user of my app is included in too many Okta groups, the app (after Okta login) is unusable due to this error:

```
Bad Request - Request Too Long
HTTP Error 400. The size of the request headers is too long.
```

This error was reported by a user (so important note: it does NOT only occur during debugging). I added myself to every available group just to be able to reproduce the bug. Now that I have done so, the bug is occurring for me. I can see that the cookie is approximately 18.5 KB - big, but not ridiculous.
Changing anything to do with the Okta setup is not an option right now, so I need to find a way to change my app's configuration to avoid this issue.
Note: The app is using IIS Express, Blazor, and .NET Core 3.1.
I have tried every suggestion I have found online, and none of them work:
- clear browser cookies and cache
- debug in a different browser (its cookies and cache were clear and it had no other windows or tabs open)
- add `maxAllowedContentLength` to `applicationhost.config`
- increase the existing `maxAllowedContentLength` in `web.config`
- add the following code to `startup.cs`:

  ```
  services.Configure<IISServerOptions>(options =>
  {
      options.MaxRequestBodySize = int.MaxValue; // or your desired value
  });
  ```

- every combination of suggestions 3, 4, and 5 above
- defining `httpRuntime` within `system.web` in `web.config`, including `maxUrlLength`, `maxQueryStringLength`, `maxRequestLength`, and `enableVersionHeader='false'`
- defining `maxFieldLength` as well as `maxAllowedContentLength` in `applicationhost.config` (this wouldn't even run: `maxFieldLength` was not recognized)
The only suggestion I have seen anywhere that I haven't tried is changing the IIS registry settings, because my team is hoping it doesn't come to that. (The Microsoft documentation itself says this can be extremely dangerous! Surely there's a safer way.) I really want to fix this by configuring the app itself.