Comments (28)
Each time you sign in, it's storing more cookies in your browser. Since the domain is the same, the browser sends all of the cookies, including the stale ones. This is blowing up the cookie header fields and making the headers too long. To fix it, just clear your cookies. If you're testing your setup, I would recommend using a private browser.
from active-directory-b2c-dotnet-webapp-and-webapi.
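The build-up described in the comment above can be measured from a captured `Cookie` request header. The following is an added example, not part of the thread or of the sample's code; the 8192-byte budget, the `appsession` cookie, and the cookie ids and values are constructed assumptions, and the real limit depends on the server handling the request.

```javascript
// Added example: audit a Cookie request header for accumulated B2C cookies.
// HEADER_BUDGET_BYTES is an assumed limit; servers differ, so pass the real one.
const HEADER_BUDGET_BYTES = 8192;

// Parse "a=1; b=2" into [{name, value, bytes}], keeping duplicates and order.
function parseCookieHeader(header) {
  return header
    .split(';')
    .map((part) => part.trim())
    .filter((part) => part.length > 0)
    .map((part) => {
      const eq = part.indexOf('=');
      const name = eq === -1 ? part : part.slice(0, eq);
      const value = eq === -1 ? '' : part.slice(eq + 1);
      return { name, value, bytes: Buffer.byteLength(part, 'utf8') };
    });
}

// Group cookies by name prefix; report count and bytes per group and the total.
function auditCookieHeader(header, prefixes, budget = HEADER_BUDGET_BYTES) {
  const groups = {};
  for (const p of [...prefixes, 'other']) groups[p] = { count: 0, bytes: 0 };
  for (const c of parseCookieHeader(header)) {
    const key = prefixes.find((p) => c.name.toLowerCase().startsWith(p)) || 'other';
    groups[key].count += 1;
    groups[key].bytes += c.bytes;
  }
  // The whole header line counts against the server's limit, name included.
  const totalBytes = Buffer.byteLength('Cookie: ' + header, 'utf8');
  return { totalBytes, overBudget: totalBytes > budget, groups };
}

// Constructed sample: one app cookie plus 94 stale cookies named after the
// x-ms-cpim-cache-{id} pattern reported in the thread (ids and values made up).
function buildSampleHeader(staleCount = 94) {
  const parts = ['appsession=abc123'];
  for (let i = 0; i < staleCount; i++) {
    parts.push(`x-ms-cpim-cache-${String(i).padStart(3, '0')}=${'A'.repeat(80)}`);
  }
  return parts.join('; ');
}

const report = auditCookieHeader(buildSampleHeader(), ['x-ms-cpim-']);
console.log(JSON.stringify(report, null, 2));
```

Logging the per-prefix byte totals at a reverse proxy or in the application shows which cookie family is consuming the header budget before users start hitting the error.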
This is a problem for my organization as well. We went through a lot of hoops to get B2C as a solution and having no clear solution to this isn't going over well with the stakeholders. We are already using the b2clogin.com domain. Any guidance on clearing the offending cookies programmatically or otherwise would help.
from active-directory-b2c-dotnet-webapp-and-webapi.
My organization and our clients are regularly seeing this issue. We use Azure AD w/ the Office 365 Suite of apps, Visual Studio Team Services, Azure Portal, and an Azure AD B2C instance. When using all of these applications at once in a browser, we encounter this error regularly. Clearing cookies is okay once in a while but gets annoying quickly. Furthermore, we also can't expect our customers who are using Azure AD B2C (via our applications) and other MSFT services to do the same. Is there anything we can do on our end to resolve this problem so we don't have to tell our customers to clear their cookies or use a private/incognito browser session - both of which are not reasonable expectations to put upon our customers?
from active-directory-b2c-dotnet-webapp-and-webapi.
- Voted for custom domains. (An ETA would be nice on this.)
- Clearing cookies is an unrealistic solution for a normal user. Should we tell our users to log in incognito to access our apps? (How could this issue be closed when it is a production issue that doesn't just affect devs/engineers?)
- The number of claims we have is almost the bare minimum. (Less than 7 total with one custom claim.)
from active-directory-b2c-dotnet-webapp-and-webapi.
@RobARichardson , @spottedmahn , I replied to the StackOverflow post. Nothing too useful unfortunately given that there isn't a great answer today.
Summary:
- Long term answer is custom domains, that's in the works, vote for it.
- In the interim, clear cookies (lame, yes)
- Alternatively, see if you can try reducing the number of claims included in the token (sometimes helps).
from active-directory-b2c-dotnet-webapp-and-webapi.
This issue should be reopened. The suggested feature request link is broken, the problem still persists. Our customers are hitting this. I have 94 x-cpim-... cookies in my request and I cleared them yesterday.
from active-directory-b2c-dotnet-webapp-and-webapi.
Totally understand where you guys are coming from. Clearing the cookies is meant for the scenario where it happens to devs, which has been the majority of the reported cases so far. But again, no argument that clearing cookies is (to put it mildly) an undesirable experience for end users.
I believe (I'll let @parakhj chime in on this as I'm not on the B2C team anymore) that custom domains is one of the top priority items in the team's backlog, at which point this will be a nonissue. He should be able to provide a better ETA here (hopefully via an update to the feedback item).
As for the issue being closed, that's because this isn't an issue with the sample itself, but a limitation of B2C itself which is being tracked via that outstanding feedback entry.
from active-directory-b2c-dotnet-webapp-and-webapi.
Just an FYI: I work on B2C team and our people are looking at this issue (not for the first time, I'll note--we've fixed this in the past). We'll report back as soon as we have more information.
from active-directory-b2c-dotnet-webapp-and-webapi.
We have moved over to using the b2clogin.com domain, but we are still getting this issue.
I don't think it's right that this issue be closed.
Edit: Just seen that this is closed because this issue is for the sample code. It's the first result on Google for "b2clogin.com header field too long" which is how I arrived here.
If anyone has any information about whether Microsoft are doing anything about this then it would be much appreciated.
from active-directory-b2c-dotnet-webapp-and-webapi.
@RobARichardson I don't know if you'll get much traction on this thread...
FYI, I just hit this error today using portal.azure.com. I posted it to SO. Hopefully, some more insights will come out of it.
When I got the error originally, I figured I need to do more work in my app to prevent this. But today, I received it using the Azure portal. And based upon your desc, maybe there's a more fundamental problem here. Not sure.
from active-directory-b2c-dotnet-webapp-and-webapi.
Agreed with @gsacavdm above. Custom domains (the ability for you to choose your domain) is hitting a few technical issues, so we are working to enable a new domain that B2C tenants can run on (something like b2clogin.com). This will be shipped earlier than custom domains, so that you won't see the cookies issues that you are noticing on login.microsoftonline.com. I would vote this feature so that you know when we enable the preview for it.
from active-directory-b2c-dotnet-webapp-and-webapi.
This is the name of the cookie being stored: "x-ms-cpim-rc"
Which as per MS Documentation is "Used for storing the relay cookie."
Is there a way for disabling it, or if we can force the deletion of the old ones?
from active-directory-b2c-dotnet-webapp-and-webapi.
@parakhj @gsacavdm Thanks guys for the quick responses. Makes sense why it's closed for this sample. We will just monitor those features for now. Thank you!
from active-directory-b2c-dotnet-webapp-and-webapi.
@Sipower In production. We have multiple websites using the same b2c which appears to amplify the problem, and it doesn't take long to run up a huge set of x-ms-cpim-rc:... cookies which eventually breaks login. Our customers only use one or two sites with the same B2C settings but they also hit this problem from time to time.
from active-directory-b2c-dotnet-webapp-and-webapi.
@jayallen Any update? Can we get this bug re-opened at least?
from active-directory-b2c-dotnet-webapp-and-webapi.
Agreed with @gsacavdm above. Custom domains (the ability for you to choose your domain) is hitting a few technical issues, so we are working to enable a new domain that B2C tenants can run on (something like b2clogin.com). This will be shipped earlier than custom domains, so that you won't see the cookies issues that you are noticing on login.microsoftonline.com. I would vote this feature so that you know when we enable the preview for it.
The feature requested to vote on is for enabling JavaScript for custom login page; is there a separate feature request for a new domain like b2clogin?
from active-directory-b2c-dotnet-webapp-and-webapi.
Can we get some movement on fixing the failing state of azure demos?
from active-directory-b2c-dotnet-webapp-and-webapi.
This issue should be reopened. The suggested feature request link is broken, the problem still persists. Our customers are hitting this. I have 94 x-cpim-... cookies in my request and I cleared them yesterday.
Are you experiencing this issue in dev environment or in live production?
from active-directory-b2c-dotnet-webapp-and-webapi.
Hitting the same thing here.
from active-directory-b2c-dotnet-webapp-and-webapi.
I no longer work at the Azure AD B2C team nor Microsoft, but FYI for others interested on this thread, the feature I reference a loooong time ago - custom domains is now available. That should help with this issue.
from active-directory-b2c-dotnet-webapp-and-webapi.
@gsacavdm It doesn't help [much]. We are using a custom domain and still hit this issue regularly.
from active-directory-b2c-dotnet-webapp-and-webapi.
Ah, sorry about that :S
I'm not sure what B2C is stashing in the cookies these days that results in this error when you have an isolated domain. I'll defer to the Microsoft team to provide more insights.
from active-directory-b2c-dotnet-webapp-and-webapi.
@jayallen this has become super annoying for so many of our users. Even if they shut down their devices and restart and re-open a web browser this issue can still occur, it's literally blocking access for users to our Product we develop. If this type of thing is not resolved then we may need to switch providers purely because you can't even use the product, and the resolution steps are too troublesome especially for enterprise environments, where users do not have permission to modify their cookies or sessions due to their own IT policies.
An update on this would be great, please. Thank you.
from active-directory-b2c-dotnet-webapp-and-webapi.
@jayallen @DannyJHM @imercerwillow Just happened again to a user in production today >.< hoping for a resolution soon
from active-directory-b2c-dotnet-webapp-and-webapi.
@jayallen, this is happening to us as well. The long cookie header search on Google is how I came across this as well. It started happening after we implemented the custom domain with B2C and Azure Front Door.
Is there any update?
from active-directory-b2c-dotnet-webapp-and-webapi.
Haven't seen this in a while thankfully, but still hoping for an official resolution. Any updates are appreciated! @jayallen
from active-directory-b2c-dotnet-webapp-and-webapi.
Issue is still occurring. If there is a fix, please let me know!
from active-directory-b2c-dotnet-webapp-and-webapi.
Same for me, issue is still occurring. Fails due to multiple x-ms-cpim-cache-{id} cookies.
from active-directory-b2c-dotnet-webapp-and-webapi.