Description
Is there an existing issue for this?
- I have searched the existing issues
Describe the bug
I have an ASP.NET Core MVC 5 web application where I have implemented Azure AD SSO. I am trying to login with company account and soon after the authentication a white page appears with Bad Request - Request Too Long message.
When I checked the cookies there are cookies stored under developer tools Chrome under Application tab I found 4 chunks of cookies of size 4008 and one of 27.
I have around 95 Azure App Registrations App roles which has been mapped to user. And the few roles is coming as a claim around 35-40 roles and If I increased map of more app roles to user from Enterprise Application then above error start coming.
What I understand and observed is that If I map up to 35/40 app roles from Azure Enterprise Application to a user then all works good, and when I mapped more app roles says after 40 then the error start coming up.
In my startup.cs file, I'm using
services.AddMicrosoftIdentityWebAuthentication(Configuration).EnableTokenAcquistionToCallDownstreamApi().AddInMemoryTokenCaches();
Troubleshooting Steps which I followed before coming here:
- I marked groupMembershipClaims from App Manifest to null and also SecurityGroup both but it doesn't work.
- I tried to increased the request header size from code maxRequestHeaderSize to 73728000.
- I tried to increased the options.Limits.MaxRequestHeadersTotalSize but still doesn't work.
- I don't want any optional claims.
Expected Behavior
The authentication should be passed and page should be rendered.
Steps To Reproduce
Build a sample application ASP.NET Core MVC 5 and implement Azure AD SSO with above code in startup.cs file for Auth and mapped 100 app roles to a user and try to sign it.
Exceptions (if any)
No response
.NET Version
5.0
Anything else?
VS 2022