HTTP ERROR 414

Question

HTTP ERROR 414

Bhassan 0

Hi Dears,

I need your help with fixing this "HTTP ERROR 414" "URI too long", I have hosted a web app on azure web application (Linux based container), the application developed with asp.net core mvc, now I published but the login page doesn't open it shows the HTTP ERROR 414 , would you please tell me wht is the issue and how can we fixed? as you know azure web app is Paas I can't change anything on the configuration.

Thanks in advance,

Siva Nair 2,340 Reputation points Microsoft External Staff Moderator

2025-04-08T08:25:26.07+00:00
Hi Bhassan,

An HTTP 414 (URI Too Long) error typically occurs when the URL exceeds the server's limit. Since you're using ASP.NET Core MVC and Azure App Service (Linux), and this error happens on the login page, this is very likely related to Azure AD or an external identity provider using OpenID Connect (OIDC) or OAuth2.

Use ResponseMode=FormPost in OpenID Connect

In your Startup.cs or Program.cs, where you're configuring authentication:

options.ResponseMode = "form_post";

Example for Azure AD:

services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme) .AddMicrosoftIdentityWebApp(Configuration.GetSection("AzureAd")) .EnableTokenAcquisitionToCallDownstreamApi() .AddInMemoryTokenCaches(); services.Configure<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme, options => { options.ResponseMode = "form_post"; });

This makes the identity provider POST the token back instead of putting it in the URL.

Reduce the Size of the Auth State: If you're using custom AuthenticationProperties or Claims, avoid storing too much data in state or nonce.

For example:

Don't pass large complex objects in state.

Avoid custom claims that are unnecessarily large.

Use Server-Side Session Instead of TempData via Cookies: ASP.NET Core’s TempData and AuthenticationProperties use cookies by default. If your app stores large payloads in these (like in TempData["ReturnUrl"]), the URL can grow too large. Use server-side session instead if necessary.

If you have any further assistant, do let me know.
Bhassan 0 Reputation points

2025-04-08T08:41:55.55+00:00

Thank you for the answer but I used custom authentication asp.net the default one no AAD, can you help with that?
Siva Nair 2,340 Reputation points Microsoft External Staff Moderator

2025-04-10T05:16:35.04+00:00

Hi Bhassan,

Just checking back to see if the above comment helped or you have a resolution yet. In case if you have any resolution, please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help.
Siva Nair 2,340 Reputation points Microsoft External Staff Moderator

2025-04-11T02:18:09.61+00:00

Hi Bhassan,

Just checking back to see if the above comment helped or you have a resolution yet. In case if you have any resolution, please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help.

1 answer

Your answer

Siva Nair 2,340 Reputation points Microsoft External Staff Moderator

2025-04-08T08:25:26.07+00:00

Hi Bhassan,

An HTTP 414 (URI Too Long) error typically occurs when the URL exceeds the server's limit. Since you're using ASP.NET Core MVC and Azure App Service (Linux), and this error happens on the login page, this is very likely related to Azure AD or an external identity provider using OpenID Connect (OIDC) or OAuth2.

Use ResponseMode=FormPost in OpenID Connect

In your Startup.cs or Program.cs, where you're configuring authentication:

options.ResponseMode = "form_post";

Example for Azure AD:

services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme) .AddMicrosoftIdentityWebApp(Configuration.GetSection("AzureAd")) .EnableTokenAcquisitionToCallDownstreamApi() .AddInMemoryTokenCaches(); services.Configure<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme, options => { options.ResponseMode = "form_post"; });

This makes the identity provider POST the token back instead of putting it in the URL.

Reduce the Size of the Auth State: If you're using custom AuthenticationProperties or Claims, avoid storing too much data in state or nonce.

For example:

Don't pass large complex objects in state.

Avoid custom claims that are unnecessarily large.

Use Server-Side Session Instead of TempData via Cookies: ASP.NET Core’s TempData and AuthenticationProperties use cookies by default. If your app stores large payloads in these (like in TempData["ReturnUrl"]), the URL can grow too large. Use server-side session instead if necessary.

If you have any further assistant, do let me know.
Bhassan 0 Reputation points

2025-04-08T08:41:55.55+00:00

Thank you for the answer but I used custom authentication asp.net the default one no AAD, can you help with that?
Siva Nair 2,340 Reputation points Microsoft External Staff Moderator

2025-04-10T05:16:35.04+00:00

Hi Bhassan,

Just checking back to see if the above comment helped or you have a resolution yet. In case if you have any resolution, please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help.
Siva Nair 2,340 Reputation points Microsoft External Staff Moderator

2025-04-11T02:18:09.61+00:00

Hi Bhassan,

Just checking back to see if the above comment helped or you have a resolution yet. In case if you have any resolution, please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help.

Answer 1

Hi Bhassan,

Thanks for Confirming. The HTTP ERROR 414 you're seeing on the login page is likely caused by an overly long request URL or headers and in our case, since we're using custom ASP.NET Core authentication (not Azure AD), this is most likely due to one of the following:

ASP.NET Core uses cookie-based authentication, which stores user claims in the cookie itself. If we’re storing too many or large claims (like serialized user data, permissions, or tokens), the cookie can grow beyond the limit accepted by the server — especially on Linux-based Azure App Service which uses Nginx.

solution:-- We should review and limit the number and size of claims added during sign-in. Only essential claims (like user ID or username) should be included.

Cookie-Based TempData or ViewData- By default, ASP.NET Core stores TempData in cookies. If we’re storing large messages, error details, or return URLs in TempData, it will inflate the cookie size.

solution:-- We can switch TempData to use session-based storage by updating our Startup.cs:

services.AddSession();
services.AddControllersWithViews()
        .AddSessionStateTempDataProvider();

And in the middleware pipeline:

app.UseSession();

This keeps large data off the client and avoids oversized request headers.

Another potential cause is if our login redirects (like ReturnUrl=...) include very long or encoded data — for example, if we’re appending serialized JSON or long query strings to the login URL.

solution:-- We should avoid placing large data in the query string. Instead, store it in session or cache, and just pass a short key or ID in the URL.

collective Keypoints-

Reviewing the size of cookies during login (check browser DevTools → Network).
Refactoring the ClaimsPrincipal to remove any unnecessary claims.
Switching TempData to session-backed storage.
Validating that redirect URLs are short and safe.

Please refer ,

https://learn.microsoft.com/en-us/aspnet/core/security/authentication/social/additional-claims?view=aspnetcore-9.0

https://learn.microsoft.com/en-us/aspnet/core/fundamentals/app-state?view=aspnetcore-9.0

https://learn.microsoft.com/en-us/entra/identity-platform/reply-url

If you have any further assistant, do let me know.

If the answer is helpful, please click Accept Answer and kindly upvote it so that other people who faces similar issue may get benefitted from it.

Share via

HTTP ERROR 414

1 answer

Your answer