This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(124.80000000000001, 12%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EL%3C/text%3E%3C/svg%3E)
Hello,
We are experiencing an issue with our ASP.NET MVC application that involves multiple iframes. Each iframe embeds the same application, which may be hosted on different domains. Authentication within each iframe is performed using AzureAD.
When the iframes are loaded, some of them encounter the error "400 Bad Request - Request Header Or Cookie Too Large" during requests to the path "/signin-oidc". This issue appears to be related to the cookies .AspNetCore.OpenIdConnect.Nonce and .AspNetCore.Correlation.AzureADOpenID, which are sent multiple times in the request headers.
I have attached an image to demonstrate this behavior.
Could you please provide an explanation for why this issue occurs and suggest potential solutions to handle this situation?
Thank you for your assistance.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(25.6, 60%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECE%3C/text%3E%3C/svg%3E)
Hello @Lydia,
Thanks for posting your question in the Microsoft Q&A forum.
This happens when the identity tokens gets too large. If the token contains too many claims, it might cause the cookie too large, and will show the 400 error.
To handle the 404 errors for /admin/host/ping in your ASP.NET MVC application hosted in Azure App Services, while reducing unnecessary logs in Application Insights, consider implementing the following solution:
Create a custom route for the /admin/host/ping endpoint:
routes.MapRoute( name: "AzurePing", url: "admin/host/ping", defaults: new { controller = "AzurePing", action = "Index" } );
Implement a controller to handle this route:
public class AzurePingController : Controller { public
Modify your Application Insights configuration to filter out these specific requests:
TelemetryConfiguration.Active.TelemetryProcessorChainBuilder
.Use((next) => new FilteringTelemetryProcessor(next))
.Build();
public class FilteringTelemetryProcessor : ITelemetryProcessor
{
private ITelemetryProcessor Next { get; set; }
public FilteringTelemetryProcessor(ITelemetryProcessor next)
{
this.Next = next;
}
public void Process(ITelemetry item)
{
if (!OkToSend(item)) { return; }
this.Next.Process(item);
}
private bool OkToSend(ITelemetry item)
{
var request = item as RequestTelemetry;
if (request != null &&
request.Url.AbsolutePath.Equals("/admin/host/ping", StringComparison.OrdinalIgnoreCase))
{
return false;
}
return true;
}
}
Thanks, Chaithra
Hello @Lydia,
We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet. In case if you have any resolution please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help.
Thanks,
Chaithra E
Hello @Chaithra E ,
Thank you for your response. The code you provided above does not apply to our situation, as we are attempting to address a 400 error that occurs when the cookie size is too large with AzureAD. Could you please provide any other suggestions related to our situation?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(211.20000000000002, 61%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBS%3C/text%3E%3C/svg%3E)
This is typically caused by the user having too many role claims that makes the token too large to stored in a cookie. You are probably mapping all roles, you will need to refine the mapping.
Hello Bruce, thank you for your response. We have already attempted to include only the necessary roles in the token, but we are still encountering the same error. Do you have any suggestions?