Size of the request headers is too long

Question

I'm currently working on an ASP.NET MVC website and it works fine.

But I have a problem that I don't understand at all... When I launch my website on Visual Studio with Chrome for example no problem, but when I stop it and try to launch an other test with Firefox for example, my url is growing and then I get this error :

HTTP 400. The size of the request headers is too long.

Can someone explain me why this is happening ? Is it something with my code or does it come from IIS express or anything else ?

Thanks in advance

Answer 1

As you may already figured out issue, a simple temporary solution would be to switch your browser while debugging.

Answer 2

Following Ifeanyi Chukwu's answer, for my case, I tried with private mode (Incognito) and it works fine. Then I go to browser settings and delete cookies of my site (localhost). That fixes the issue.

Answer 3

In windows system generally this error occurs due to the default header size limits set in the http.sys service. This service acts as a protective layer before requests are forwarded to the application to prevent it from being overwhelmed by invalid requests.

You can override the default max header limit by modifying the windows registry.

Follow the steps :

• Run regedit
• From the address bar go to the address : Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters or drill down manually.
• Right click on "Parameters" > New > DWORD
• Rename the new entry to MaxFieldLength
• Right click the newly created MaxFieldLength, modify it and set the value to desired max individual header size in bytes, make sure base is set to decimal.
• Do the same for MaxRequestBytes. Make it sufficiently higher to match value set in MaxFieldLength.
• Open command prompt as administrator
• Enter the command "net stop http" (make sure visual studio or other interfering programs are closed)
• Enter the command "net start http"

Resources:

• Enabling logging
• Supported parameters

Answer 4

In my case, I had cookies from a number of different apps served on my localhost with large cookies. FF differentiates by host-name so clearing my cookies from localhost fixed it.

Answer 5

.NET MVC SOLUTION FOR ME In my case, it was my claims that was multiplying my session cookies to look as below in my browser cookies:

.AspNet.ApplicationCookie
.AspNet.ApplicationCookieC1
.AspNet.ApplicationCookieC2
.AspNet.ApplicationCookieC3
.AspNet.ApplicationCookieC4
.AspNet.ApplicationCookieC5
.AspNet.ApplicationCookieC6
.AspNet.ApplicationCookieC7
__RequestVerificationToken

I simply went to aspNetUserClaims table in my mssql management studio and cleared it. Then cleared the browser cookie for the project.

Refreshed the page. Kalas!!! Done!! I believe it happened because I was switching from one database connectionstring to another which caused the claimsManager to recreate session and add to my cookie. On saturation, everyting exploded.

Answer 6

You can probably increase the size of requests your webserver will allow. However, take a look at the amount and the size of cookies your browser are sending to the server. Clear your cookies and try again, and see if you can reduce the size and amount of cookies your app is using. The less, the better! Mobile browsers can get these errors, as they don't allow the same size as do desktop browsers(?).

The error can also mean the query string is getting too large.

Answer 7

try this

<system.web>
        <httpRuntime maxRequestLength="2097151" executionTimeout="2097151" />
</system.web>

The maxRequestLength default size is 4096 KB (4 MB).

if browser request some resource again and again , at some time request header value length increase by number of times so we may try to extend request length to max length. i hope this may usefull

Answer 8

Check the MSDN:

Cause

This issue may occur when the user is a member of many Active Directory user groups. When a user is a member of a large number of active directory groups the Kerberos authentication token for the user increases in size. The HTTP request that the user sends to the IIS server contains the Kerberos token in the WWW-Authenticate header, and the header size increases as the number of groups goes up. If the HTTP header or packet size increases past the limits configured in IIS, IIS may reject the request and send this error as the response.

Resolution

To work around this problem, choose one of the following options:

A) Decrease the number of Active Directory groups that the user is a member of.

OR

B) Modify the MaxFieldLength and the MaxRequestBytes registry settings on the IIS server so the user's request headers are not considered too long. To determine the appropriate settings for the MaxFieldLength and the MaxRequestBytes registry entries, use the following calculations:

1. Calculate the size of the user's Kerberos token using the formula described in the following article:

   New resolution for problems with Kerberos authentication when users belong to many groups http://support.microsoft.com/kb/327825

2. Configure the MaxFieldLength and the MaxRequestBytes registry keys on the IIS server with a value of 4/3 * T, where T is the user's token size, in bytes. HTTP encodes the Kerberos token using base64 encoding and therefore replaces every 3 bytes in the token with 4 base64 encoded bytes. Changes that are made to the registry will not take effect until you restart the HTTP service. Additionally, you may have to restart any related IIS services.