Share via

How to authenticate On IIS deployed blazor web app using azure entra ID (OIDC)

Kuldeep Y 41 Reputation points
2024-08-23T13:05:48.8866667+00:00

Hello

I have created a Blazor web app in .NET 8. where I have a client and a server project. In this application I want to apply authentication through azure Entra ID.
and replicate the flow from https://github.com/dotnet/blazor-samples

and it is working when run my project on https profile through visual studio get authenticated, But I deployed my application on IIS and run the application then getting issue Sometimes it says

Too much large header 400 error

or

Says change the Asp net environment to development I have done this but did not work.

any help would be appreciated thanks.

ASP.NET Core
ASP.NET Core
A set of technologies in the .NET Framework for building web applications and XML web services.
4,604 questions
Blazor
Blazor
A free and open-source web framework that enables developers to create web apps using C# and HTML being developed by Microsoft.
1,595 questions
C#
C#
An object-oriented and type-safe programming language that has its roots in the C family of languages and includes support for component-oriented programming.
11,001 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
22,062 questions

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. youzeliang 735 Reputation points
    2024-08-24T13:16:57.7133333+00:00

    When deploying a Blazor web app that uses Azure Entra ID for authentication on IIS, there are a few common issues that might cause the errors you're encountering, such as the "Too much large header 400 error" and issues with the environment settings. Here are some steps to help resolve these:

    1. Adjust IIS Request Limits
    • The "Too much large header 400 error" often occurs because the default IIS settings might limit the size of headers. Azure Entra ID tokens can be large, especially when the application uses multiple claims.
    • To adjust these limits:
      1. Open the IIS Manager.
      2. Select your site and go to the "Request Filtering" module.
      3. Under the "Request Limits" tab, increase the MaxAllowedContentLength and MaxQueryString values.
      4. You may also need to edit your web.config file directly to increase the maxAllowedContentLength in the <requestLimits> section:
    <system.webServer>
  <security>
    <requestFiltering>
      <requestLimits maxAllowedContentLength="30000000" />
    </requestFiltering>
  </security>
</system.webServer>
  2. Bruce (SqlWork.com) 66,226 Reputation points
    2024-08-26T15:25:32.6333333+00:00

    your authentication cookie is too large (over 12k). Either limit the number of claims, or configure IIS to support larger headers.

    https://github.com/MicrosoftDocs/iis-docs/blob/main/iis/configuration/system.webServer/security/requestFiltering/requestLimits/headerLimits/index.md

    note: proxies and firewalls can also limit header size, so it’s best to fix the underlying problem.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.