问题
Token is passed in Authorization header in GET request like this:
Authorization: Bearer <token here>
Using trial and error I figured out that header value limit must be around 2048, because requests with tokens smaller than that are passed to my ASP.NET app without any changes and requests with larger tokens have Authorization header removed triggering 401 in my app.
App is published to Azure. It doesn't seem to matter whether request is GET or POST.
Limit looks similar to querystring limit so I've increased the allowed query string and it didn't help.
IIS version: 8.0 (from response headers)
回答1:
By default, the header length limit is 65536 which is set in HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters registry. I tested it both on my local machine and Azure Web App. Following is the code which I tested.
On server side I use
public class HomeController : Controller
{
public ActionResult Index()
{
return Content(Request.Headers["Authorization"]);
}
}
On client side, I use
static async void SendRequest()
{
HttpClient client = new HttpClient();
string token = "";
for (int i = 0; i < 2050; i++)
{
token = token + "0";
}
client.DefaultRequestHeaders.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("Bearer", token);
HttpResponseMessage message = await client.GetAsync("http://xxx.azurewebsites.net/");
string content = await message.Content.ReadAsStringAsync();
Console.WriteLine(content);
}
I can get the Authorization parameter back.
Using trial and error I figured out that header value limit must be around 2048
Another way which would modified the limit is the headerLimits config section. We could add length limit for specific header using this config section.
If I add following configuration to web.config. The request from my client was blocked and I got following error.
<system.webServer>
<security>
<requestFiltering>
<requestLimits>
<headerLimits >
<add header="Authorization" sizeLimit="2048" />
</headerLimits>
</requestLimits>
</requestFiltering>
</security>
</system.webServer>
If I increase the sizeLimit to meet the length of request Authorization header, for example 2058. The request will be executed OK.
So please check whether you have modified the headerLimits config section in your web.config file. If yes, It will block your request if the length of this header is larger than the limit value. To solve it, we can increase the value of sizeLimit to modify the limit of Authorization header.
来源:https://stackoverflow.com/questions/42862828/how-to-increase-size-limit-for-http-header-value-in-request-for-azure-iis