问题描述
当我尝试运行
报错HTTP 400: Size of header request is too long一般是因为cookie太多或者cookies太多太大.
Azure AD B2C 的登录通过 login.microsoftonline.com 进行,几乎所有 Microsoft 服务(O365、Azure 等)也是如此.因此,如果您在这些服务中登录了多个帐户,那么您会累积导致此问题的 cookie.
这对于开发人员来说肯定比最终用户更频繁地发生,因为开发人员使用他们的公司帐户登录到 Azure 门户,也许还使用 B2C 管理员帐户,然后通过多次登录测试他们的 B2C 驱动的应用程序.
从长远来看,答案将是允许 Azure AD B2C 客户指定他们自己的自定义域.这使应用程序的 B2C cookie 与 login.microsoftonline.com 中的所有其他内容隔离开来.截至 2019-06-23,此功能仍在开发中.您可以通过在 Azure AD B2C 反馈论坛中投票支持此功能并跟踪其进度:客户拥有的域
但是,在此期间,您可以探索两件事:
清除您的 Cookie.这肯定每次都能奏效,只是很麻烦,尤其是在呈现给最终用户时.
限制您在令牌中包含的声明数量.您 包含在您的策略中,您最终会收到更长的 http 请求,从而减少来自其他 Microsoft 属性的 cookie 的余地
注意:这与以下问题相同:http 400: 使用多重身份验证登录用户时标头请求的大小过长
2018-11 更新:
Azure AD B2C 允许您使用 b2clogin.com 而不是 login.microsoftonline.com,这将大大减少您遇到此问题的风险,因为您将不再与其他 Microsoft 服务共享 cookie.
I just received the following error when I tried to run a built-in b2c edit policy from portal.azure.com. I have 2 tabs of the portal open. Why am I receiving this error?
Note: I experienced this same error message when testing active-directory-b2c-dotnet-webapp-and-webapi sample project. The reason provided was I was sending too many cookies. Is it the same problem?
If it is the same problem, shouldn't stale cookies be deleted before creating new ones?
I do see a lot of cookies for https://login.microsoftonline.com
The error HTTP 400: Size of header request is too long generally happens because there's too many cookies or cookies that are too big.
Azure AD B2C's login goes through login.microsoftonline.com, as does almost every Microsoft service (O365, Azure, etc). So if you've got several accounts that you've signed in to across these services, you're accumulating cookies that will cause this problem.
This is bound to happen much more frequently to developers than end users as developers are logging in to the Azure portal with their corporate account, maybe also with a B2C admin account and then testing out their B2C-powered app with multiple logins.
In the long term, the answer will be to allow Azure AD B2C customers to specify their own custom domain. This gives the application's B2C cookies isolation from everything else in login.microsoftonline.com. As of 2019-06-23, this feature is still under development. You can support this feature and keep track of its progress by voting for it in the Azure AD B2C feedback forum: Customer-owned domains
However, in the interim, there are two things you can explore:
Clear your cookies. This will definitely work every time, it's just cumbersome, especially if presented to your end users.
Limit the amount of claims you include in your token. The more attributes you include in your policy, you'll end up with longer http requests which give you less margin for cookies from other Microsoft properties
Note: This is the same question as: http 400: size of header request is too long when signing in user using Multifactor authentication
2018-11 UPDATE:
Azure AD B2C allows you to use b2clogin.com instead of login.microsoftonline.com which will reduce your substantially reduce your exposure to this issue as you'll no longer share cookies with other Microsoft services.
这篇关于Azure 门户:错误请求 - 请求太长的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!