I have a situation where the HTTP Authorization request header size is more than 64kb (approximately 90kb) for a particular user. The reason for large size is because the header contains a bearer token, and the user who has initiated the http request has lot of claims.
The problem is for this particular user the web server always returns an error stating:
"HTTP Error 400. The size of the request headers is too long".
The web application is self hosted in a console application using Microsoft owin, so iis is not involved.
While looking into the issue, I came across the following document. It denotes the maximum value for MaxFieldLength is 64kb which denotes the maximum header length handled by http.sys, and my server is set to the maximum value i,e 65,536.
I tried increasing the value further to 131,072 out of curiosity but as expected it did not solve the issue.
So is there any other way to increase the header maximum length?
Source: Windows Questions