Web API最大标头值长度? [英] Web API maximum header value length?
问题描述
我已经在ASP.Net中创建了一个Web API项目,但是在使身份验证工作时遇到了一些麻烦。
I've created a Web API project in ASP.Net, and am having some trouble getting the authentication working.
API希望提交令牌在每个请求的授权标头中。检查头是否已设置的代码将检查
The API is expecting a token to be submitted in the Authorization header in each request. The code that checks to see if the header is set checks if the
HttpRequestMessage.Headers.Authorization
HttpRequestMessage.Headers.Authorization
属性为空。我测试此函数的前几次,我发现此属性始终为null,但是奇怪的是,如果您检查了可枚举的HttpRequestMessage.Headers,则可以正确设置Authorization标头(如果您执行了HttpRequestMessage.Headers.ToString() ,它也会出现在这里。)
property is null. The first few times I tested this, I discovered that this property was always null, but the strange part is that if you checked the HttpRequestMessage.Headers enumerable, the Authorization header WAS set correctly (also if you did HttpRequestMessage.Headers.ToString(), it would appear there too).
陌生人仍然发现,如果删除令牌中发送的某些属性,我可以使其工作预期。因此,如果标头值的字符长度太长,就好像没有设置Authorization属性。不幸的是,即使手动从令牌中删除了一些文本,它也会继续按摘要检查失败,因为应该这样做!
Stranger still, I found that if I removed some of the attributes that are sent in the token, I could get it to work as expected. So it was as though the Authorization property wasn't being set if the header value's character length was too long. Unfortunately, even when manually removing some of the text from the token, it would then proceed to fail on a digest check, as it should!
我找不到任何内容文档中提到了这一点,所以我想知道是否有人遇到过?我认为对于IIS来说标题并不长,因为标题值出现在HttpRequestMessage.Headers.ToString()中,因此可以接收它,但是由于某种原因,它没有分配给Authorization属性。
I can't find any documentation that mentions this, so I was wondering if anyone else has come across it? I don't think the header is too long for IIS, because the header value appears in HttpRequestMessage.Headers.ToString(), so it IS being received, but for some reason it's not being assigned to the Authorization property.
不幸的是,我无法重新编写检查该属性的代码(这似乎是简单的解决方案),因为它属于Thinktecture库的一部分(即不是我们自己编写的)。
Unfortunately I can't re-write the code that checks this property (this seems the easy solution) because it's apart of the Thinktecture library (ie not written by ourselves).
推荐答案
如果要在GET上传递参数,则只能使用2100个字符。 RFC规范在实现之间会有所不同。大多数浏览器将您限制为2083个字符。您肯定可以摆脱1000个字符。
If you are passing the parameters on a GET, you will be limited to 2100 characters. The RFC spec will be different between implementations. Most of the browsers limit you to 2083 characters. You can definitely get away with 1000 characters.
如果在POST上传递参数,则长度实际上应该是无限的。
If you are passing the parameters on a POST, you should have virtually unlimited lengths.
这篇关于Web API最大标头值长度?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
