How many claims can a role or user have? I've been working on an app using ASP.Net.Core 2.2 and AspNet.Core.Identity. All works fine until testing on my browser. Under debugging in VS2019 there is no such problem.
I deployed my app for further testing and run into this error (below). I have the same problem in IE, GC and FF.
HTTP Error 400. The size of the request headers is too long.
I'm using Roles
and RoleClaims
After some digging around I find its to do with Role/Claims in the fact there are too many of them that it blows the cache. Basically Identity
in trying to store all the claims in a cookie and the cookie is now just too big.
It just seems really odd that Microsoft would give you all that complexity only to have yo thwarted by the browser.
So my questions are: - What's the point of roles/claims if you can' exploit them because of browser restrictions? - It's there anything documented on the imaginary limit (max no. of claims per role)?
Just to let you know I could not get ITicketStore to work no matter what I tried. I even spent several days reading all the documents I could find on ITicketStore, it's not very well documented at all. And this seems like quite a common problem (the cookie thing and ITicketStore documentation).
Anyway, I changed my application so that Asp.Net.Identity only picks up the user role. This solves the cookie size problem.
I've implemented my own functions to check the role-claims. Which works better I feel as any changes happen live so no need to log on/off to get new claims or revoke existing claims.
I have a service function, that takes an IdentityUser<AppUser>
and a Claim name (string).
_adminService.UserHasClaim(user, ClaimName) // returns true or false if you have that claim or not
I have my own table, identical to the AspNetRoleClaims table that contains the values. The Asp.Net.Identity version of that table is now empty so the cookie doesn't contain any claims.
public bool UserHasClaim(AppUser user, string claimValue)
{
var claim = (from c in _context.AppUserRoleClaims
join t in _context.AppUserClaimTypes on c.ClaimID equals t.ID
join r in _context.UserRoles on c.RoleId equals r.RoleId
where r.UserId == user.Id && t.ClaimValue == claimValue select c).FirstOrDefault();
return (claim != null);
}
It might not be perfect or ideal but it works and I can't afford any more time trying to solve this using identity. I don't claim it to be ideal and I'll probably come back to it later in time.
Happy to take comments on a better workable solution, but for now that's how I've solved the problem.
So, moving on ...
Collected from the Internet
Please contact [email protected] to delete if infringement.
Comments