当我尝试从portal.azure.com运行内置的b2c编辑策略时,刚收到以下错误。我打开了门户的2个选项卡。为什么会收到此错误?
错误的请求-请求太长HTTP错误400。请求标头的大小太长。
注意:在测试active-directory-b2c-dotnet-webapp-and-webapi示例项目时,我遇到了同样的错误消息。提供的原因是我发送了太多Cookie。是一样的问题吗?
如果是同样的问题,那么在创建新的cookie之前不应该删除它们吗?
我确实看到了很多https://login.microsoftonline.com的Cookie
错误HTTP 400:标头请求的大小太长通常会发生,因为Cookie过多或Cookie太大。
Azure AD B2C的登录以及几乎每个Microsoft服务(O365,Azure等)都通过login.microsoftonline.com进行登录。因此,如果您拥有跨这些服务登录的多个帐户,则说明您正在积累cookie,这将导致此问题。
This is bound to happen much more frequently to developers than end users as developers are logging in to the Azure portal with their corporate account, maybe also with a B2C admin account and then testing out their B2C-powered app with multiple logins.
In the long term, the answer will be to allow Azure AD B2C customers to specify their own custom domain. This gives the application's B2C cookies isolation from everything else in login.microsoftonline.com. As of 2019-06-23, this feature is still under development. You can support this feature and keep track of its progress by voting for it in the Azure AD B2C feedback forum: Customer-owned domains
However, in the interim, there are two things you can explore:
Clear your cookies. This will definitely work every time, it's just cumbersome, especially if presented to your end users.
Limit the amount of claims you include in your token. The more attributes you include in your policy, you'll end up with longer http requests which give you less margin for cookies from other Microsoft properties
Note: This is the same question as: http 400: size of header request is too long when signing in user using Multifactor authentication
Azure AD B2C allows you to use b2clogin.com instead of login.microsoftonline.com which will reduce your substantially reduce your exposure to this issue as you'll no longer share cookies with other Microsoft services.
本文收集自互联网,转载请注明来源。
如有侵权,请联系 [email protected] 删除。
我来说两句