Too many cookies OpenIdConnect.nonce cause error page “Bad Request - Request Too Long”

Question

I\'m using OWIN / OAuth with OpenId Connect authentication (Microsoft.Owin.Security.OpenIdConnect) in a C# ASP MVC web app. The SSO login with Microsoft account

Answer 1

In my case the problem was the order in which I was configuring the application inside Startup.cs.

Reminder to self - always configure authentication first!

public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions());
        app.UseOpenIdConnectAuthentication(
            new OpenIdConnectAuthenticationOptions
            {
                ClientId = _clientId,
                ClientSecret = _clientSecret,
                Authority = _authority,
                RedirectUri = _redirectUri
            });

        // configure the rest of the application...
    }