问题
I've created a Web API project in ASP.Net, and am having some trouble getting the authentication working.
The API is expecting a token to be submitted in the Authorization header in each request. The code that checks to see if the header is set checks if the
HttpRequestMessage.Headers.Authorization
property is null. The first few times I tested this, I discovered that this property was always null, but the strange part is that if you checked the HttpRequestMessage.Headers enumerable, the Authorization header WAS set correctly (also if you did HttpRequestMessage.Headers.ToString(), it would appear there too).
Stranger still, I found that if I removed some of the attributes that are sent in the token, I could get it to work as expected. So it was as though the Authorization property wasn't being set if the header value's character length was too long. Unfortunately, even when manually removing some of the text from the token, it would then proceed to fail on a digest check, as it should!
I can't find any documentation that mentions this, so I was wondering if anyone else has come across it? I don't think the header is too long for IIS, because the header value appears in HttpRequestMessage.Headers.ToString(), so it IS being received, but for some reason it's not being assigned to the Authorization property.
Unfortunately I can't re-write the code that checks this property (this seems the easy solution) because it's apart of the Thinktecture library (ie not written by ourselves).
回答1:
If you are passing the parameters on a GET, you will be limited to 2100 characters. The RFC spec will be different between implementations. Most of the browsers limit you to 2083 characters. You can definitely get away with 1000 characters.
Microsoft
Pretty much everybody else
If you are passing the parameters on a POST, you should have virtually unlimited lengths.
来源:https://stackoverflow.com/questions/22923400/web-api-maximum-header-value-length