For the next poor soul to find this:
We found a way to increase the supported size in IIS in a fairly ancient StackOverflow post:
https://stackoverflow.com/questions/8159321/request-exceeds-the-configured-maxquerystringlength-when...Successful solution is:
In the root web.config for your project, under the system.web node:
<system.web>
<httpRuntime maxUrlLength="10999" maxQueryStringLength="2097151" />
...
In addition, I had to add this under the system.webServer node or I got a security error for my long query strings:
<system.webServer>
<security>
<requestFiltering>
<requestLimits maxUrl="10999" maxQueryString="2097151" />
</requestFiltering>
</security>
...
It is critical that you update the values in BOTH web.config and system.web.
The suggestion to change response_mode to "form_post" couldn't be used for us because we are using a 3rd party module to handle the OIDC login, and it only support "query".
And not to be over the top... but I can't leave without encouraging the B2C engineering team to take some more steps next time there is a breaking change. Since we are paying for this service, I think the following is a reasonable expecation:
1. The standard Azure change notification email that goes out when updates are planned
2. The Azure B2C “What’s New” section in the Azure Portal
3. For a BREAKING change such as this…
a. Every B2C admin should have been specifically targeted with several emails before rollout
b. There should be a clear explanation of how to test your application BEFORE go live
c. There should be a complete list of mitigation steps, which was not the case. In our case IIS and Dotnet themselves – Microsoft products, as you know – are what broke. Not 3rd party solutions. Microsoft solutions.
Even now… AFTER rollout of this breaking change… the Azure B2C “What’s New” is not updated.
