c#Identity Server错误请求-请求太长 [英] c# Identity Server Bad Request - Request Too Long
问题描述
我想找到一个奇怪的问题.
I have an odd issue that I am trying to track down.
如果我使用自签名证书将客户端和Identity Server部署到Azure,则代码有效.
If I deploy my client and Identity Server to Azure, using a self signed certificate then the code works.
我现在将其移至我们的UAT环境,在该环境中,身份服务器配置为使用购买的证书.已为单个域提供此证书. identity.mydomain.com
I have now moved it to our UAT environment, where the identity server is configured to use a purchased certificate. This certificate has been provided for a single domain. identity.mydomain.com
客户端具有此证书的密码,因此它可以执行所需的操作.
The client has the password for this certificate so it can do what it needs to.
当我浏览到身份服务器时,我可以登录到admin部分,因此所有这些都可以正常运行.如果我浏览到客户端,它将重定向到我可以登录的身份服务.但是,一旦我登录并重定向回我的网站,就会收到以下错误;
When I browse to the identity server I can log in to the admin section, so that is all running correctly. If I browse to the client, it redirects to the identity service where I can log in. But as soon as I log in, and am redirected back to my website, I get the following error;
Bad Request - Request Too Long
HTTP Error 400. The size of the request headers is too long.
查看cookie,我可以看到创建的全部cookie.我已经删除了这些文件并重新启动,但是仍然存在相同的问题. 如果我通过使用来增加缓冲区的大小.
Looking at the cookies, I can see a whole load of cookies created. I have deleted those and restarted, but I still have the same issue. If I increase the size of the buffers by using.
<httpRuntime maxRequestLength="2097151" executionTimeout="2097151">
然后它可以工作,但是我担心我是在掩盖问题而不是在解决它.
Then it works, but I am concerned that I am masking a problem rather than fixing it.
是否还有其他人必须这样做才能使身份服务器在iis上工作?
Has anyone else had to do this to get identity server to work on iis?
推荐答案
我最近遇到了这个问题.解决方案是降级使用的NuGet软件包Microsoft.Owin.Security.OpenIdConnect.我正在使用3.0.1.您必须降级到3.0.0.这是Owin/Katana中间件的问题.可以在此处找到该问题的描述.请注意,该页面说明了如何解决库中的实际问题.我没有尝试过,它也可以工作,值得尝试.
I've had this issue recently. The solution was to downgrade the used NuGet package Microsoft.Owin.Security.OpenIdConnect. I was using 3.0.1. You must downgrade to 3.0.0. This is an issue with Owin/Katana middleware. Descriptioin of the issue can be found here. Note that the page states how to fix the actual issue in the library. I haven't tried that, it could also work and is worth the try.
请注意,第一次使用适当的修补程序进行重新部署时,必须清除cookie.作为临时解决方法,您始终可以清除Cookie,然后再次访问该网站.但是,在某些时候,它将始终将一堆随机数字符串粘贴在cookie中.可以在此处找到类似的问题.
Note that you must clear your cookies the first time you redeploy with the fix in place. As temporary fix, you can always clear your cookies, and just visit the site again. At some point however, it will always stick bunch of nonce strings in the cookie. Similar issue can be found here.
这篇关于c#Identity Server错误请求-请求太长的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
