cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
400 Error in ASP.NET Core Project because of 8 KB cookie limit in Angular
By
Praveen_Kumar_M
Published Aug 24 2019 01:25 PM 8,646 Views
Praveen_Kumar_M
Microsoft
‎Aug 24 2019 01:25 PM

400 Error in ASP.NET Core Project because of 8 KB cookie limit in Angular

‎Aug 24 2019 01:25 PM

Recently, I came across an interesting problem. Whenever we run my ASP.NET Core application in Development environment, I get the below exception.

 

Details about the setup:

The below template was used:

Angular project template with ASP.NET core - https://docs.microsoft.com/en-us/aspnet/core/client-side/spa/angular?view=aspnetcore-2.2&tabs=visual... along with AAD integration.

When we publish this application in Azure App Service, it works fine. But when we run the same application in Visual Studio, it fails with the below error.

 

CaptureError.JPG

An unhandled exception occurred while processing the request.

IOException: The server returned an invalid or unrecognized response.
System.Net.Http.HttpConnection.FillAsync()

HttpRequestException: An error occurred while sending the request.
System.Net.Http.HttpConnection.SendAsyncCore(HttpRequestMessage request, CancellationToken cancellationToken)

HttpRequestException: Failed to proxy the request to http://localhost:54232/, because the request to the proxy target failed. Check that the proxy target server is running and accepting requests to http://localhost:54232/.

The underlying exception message was 'An error occurred while sending the request.'.Check the InnerException for more details.
Microsoft.AspNetCore.SpaServices.Extensions.Proxy.SpaProxy.PerformProxyRequest(HttpContext context, HttpClient httpClient, Task<Uri> baseUriTask, CancellationToken applicationStoppingToken, bool proxy404s)

·      Stack 
·      Query 
·      Cookies 
·      Headers

IOException: The server returned an invalid or unrecognized response.
    System.Net.Http.HttpConnection.FillAsync()
    System.Net.Http.HttpConnection.ReadNextResponseHeaderLineAsync(bool foldedHeadersAllowed)
    System.Net.Http.HttpConnection.SendAsyncCore(HttpRequestMessage request, CancellationToken cancellationToken)

Show raw exception details

HttpRequestException: An error occurred while sending the request.
    System.Net.Http.HttpConnection.SendAsyncCore(HttpRequestMessage request, CancellationToken cancellationToken)
    System.Net.Http.HttpConnectionPool.SendWithNtConnectionAuthAsync(HttpConnection connection, HttpRequestMessage request, bool doRequestAuth, CancellationToken cancellationToken)
    System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage request, bool doRequestAuth, CancellationToken cancellationToken)
    System.Net.Http.HttpClient.FinishSendAsyncUnbuffered(Task<HttpResponseMessage> sendTask, HttpRequestMessage request, CancellationTokenSource cts, bool disposeCts)
    Microsoft.AspNetCore.SpaServices.Extensions.Proxy.SpaProxy.PerformProxyRequest(HttpContext context, HttpClient httpClient, Task<Uri> baseUriTask, CancellationToken applicationStoppingToken, bool proxy404s)

Show raw exception details

HttpRequestException: Failed to proxy the request to http://localhost:54232/, because the request to the proxy target failed. Check that the proxy target server is running and accepting requests to http://localhost:54232/. The underlying exception message was 'An error occurred while sending the request.'.Check the InnerException for more details.
    Microsoft.AspNetCore.SpaServices.Extensions.Proxy.SpaProxy.PerformProxyRequest(HttpContext context, HttpClient httpClient, Task<Uri> baseUriTask, CancellationToken applicationStoppingToken, bool proxy404s)
    Microsoft.AspNetCore.Builder.SpaProxyingExtensions+<>c__DisplayClass2_0+<<UseProxyToSpaDevelopmentServer>b__0>d.MoveNext()
    Microsoft.AspNetCore.Builder.RouterMiddleware.Invoke(HttpContext httpContext)
    Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware.Invoke(HttpContext context)
    Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
    Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)

Show raw exception details

 

It took almost a whole day for me to narrow down the problem:

  • The AAD auth settings and configurations both in the azure portal as well as the app is correct.
  • The auth flow is same between the working and non-working scenarios.
  • We compared the headers, cookies, tokens etc. very closely between working and non-working cases and nothing is different.
  • We captured the log statement from the .net core and har file and cookie sent and received are all the same.
  • The concerning error was misleading “The server returned an invalid or unrecognized response.”, digging further we identified it was actually a HTTP 400 error underneath.

Sample log file:

Host: localhost:44341
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36
upgrade-insecure-requests: 1
MS-ASPNETCORE-TOKEN: c34057dc-48b2-408b-ab2d-c4c768ebecc7
X-Forwarded-For: [::1]:54863
X-Forwarded-Proto: https
X-P2P-PeerDist: Version=1.1
X-P2P-PeerDistEx: MinContentInformation=1.0, MaxContentInformation=2.0

Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request starting HTTP/1.1 GET http://localhost:44341/ 
LoggingConnectionAdapter:Debug: WriteAsync[101] 48 54 54 50 2F 31 2E 31 20 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0D 0A 44 61 74 65 3A 20 57 65 64 2C 20 30 33 20 41 70 72 20 32 30 31 39 20 31 39 3A 35 30 3A 32 37 20 47 4D 54 0D 0A 53 65 72 76 65 72 3A 20 4B 65 73 74 72 65 6C 0D 0A 43 6F 6E 74 65 6E 74 2D 4C 65 6E 67 74 68 3A 20 30 0D 0A 0D 0A
HTTP/1.1 400 Bad Request
Date: Wed, 03 Apr 2019 19:50:27 GMT
Server: Kestrel
Content-Length: 0

Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request finished in 1046.4958ms 400

 

The actual issue:

We identified that, in development, requests are proxied to the Angular development server that gets started as a background process which is a Node.JS server which has a header limit of ~8kb. Hence, it is failing with 400 error.

Refer: https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/#denial-of-service-with-lar...

 

Recommendation:

  • So, if you want to use AAD auth in development environment you’re going to need to slim down the cookie, likely by filtering out unneeded claims. There’re some related docs here:

         Refer: https://docs.microsoft.com/en-us/aspnet/core/security/authentication/social/additional-claims?view=a...

  • Also, we can install latest Nodejs that supports increasing the header size.

         Refer: https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V10.md

 

Note: This issue impacts any project template that uses the following.

ASP.NET core + Angular + AAD (OAuth)

ASP.NET core + React + AAD (OAuth)

1 Comment
XWIKO
Copper Contributor
‎Apr 15 2020 03:41 AM
‎Apr 15 2020 03:41 AM

I had the problem when trying out my VS2019 React template .NET core 3.1 using Keycloak as OP.

It also went wrong with trying to proxy, while it worked fine the other day.

 

All of the sudden it could not start anymore. Even creating a new React template app did not start.

I thought it had to do with a .NET Core update as stated here. But no update was done.

https://stackoverflow.com/questions/56777995/asp-net-core-3-0-react-app-errors-failed-to-proxy

 

Reading this article I just deleted some cookies.

And now the projects and fresh templates work again.

So now I have to look into slimming down my cookies.

 

Thanks. Good find.

Version history
Last update:
‎Aug 24 2019 01:56 PM
Updated by: