Azure AD Bad Request

Question

I am using https://myapps.microsoft.com/ as my login page.

However there are instances that when I click my application from the dashboard, I get a session expired when page is redirected. I have to close and click it again that's the time I get the session in my page.

Second scenario is I always get a "Bad Request - Request Too Long error ". What configuration did I miss?

Here's the code I use:

public class Logon
{
    [Authorize]
    public void Authenticate()
    {
        if (ClaimsPrincipal.Current.Identity.IsAuthenticated)
        {
            string userfirstname = ClaimsPrincipal.Current.FindFirst(ClaimTypes.GivenName).Value;
            string userlastname = ClaimsPrincipal.Current.FindFirst(ClaimTypes.Surname).Value;  

            // do some checking 
            // set session and redirect 
            // when page is redirected to Home Index, session checking occur

            Response.Redirect("~/Home/Index");
        }
    }
}

As for the Azure Settings

My homepage URL and Reply URL is set to: https://mysite/logon/authenticate hosted on my local IIS.

I added my app through App Registration menu in Azure AD panel.

Thank you.

Answer 1

Are you logging in with a specific set of credentials? This issue can happen if a user is a part of too many Azure AD groups. You can either remove the number of user groups that you are a member of or increase the settings for the MaxFieldLength and the MaxRequestBytes registry entries on the server so that the user's request headers don't exceed these values.

See here: https://support.microsoft.com/en-us/help/2020943/http-400-bad-request-request-header-too-long-response-to-http-request

See also: https://medium.com/@marilee.turscak/reply-urls-vs-postlogoutredirecturis-in-azure-active-directory-aad-20f57a03267b