
I am developing an application in ASP.NET MVC 5. When I assign more than 396 roles to a user, the user can't log in anymore without raising an error.

After deleting some of the roles assigned to the user, until the number of assigned roles is 396 or fewer, everything works fine again. Any help would be greatly appreciated.

Cindy Meister
  • Can you check the request header when it has 396+ roles? I think the cookie length may reach the maximum, and it eliminates some data after the maximum is exceeded. – ilkerkaran Aug 07 '18 at 13:38
  • There's nothing magical about the number 396. We need more information to begin to guess what the issue might be. –  Aug 07 '18 at 15:05

1 Answer

Most likely you have run out of space in the cookie. Information about assigned roles is put into the cookie when the user logs in. Cookies have limits on how much they can handle.

The limit on how much you can fit into a cookie varies between browsers, but generally it is about 4Kb. However, OWIN version 3 is able to split the authentication value into multiple cookies. Yet the total maximum header size for HTTP requests is 16Kb. See this thread about limitations

So 396 roles is a lot. Looks like your authentication information is above 16Kb and your cookies are just not set.

Solution: have fewer roles. Nothing else you can do about it - this is a browser limitation.

Or you can implement some custom role checking for the user. But honestly, this number of roles stinks - something is not right with your authorization system setup.

trailmax
  • Thanks for your help. It was the cookies. It is a big project with more than 350 forms, and our customers need authentication for displaying, save, delete and report for each form separately. Mostly users have only a few roles, but some of them need access to most of the forms. – Mohaddes Sokhangou Aug 08 '18 at 04:45
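One way to do the custom role checking the answer mentions, shown as an added example that is not code from the answer or from anyone in this thread: an MVC 5 authorization filter that checks a per-form permission on the server for each request, so the permission list never has to travel in the authentication cookie. `PermissionStore`, `RequirePermissionAttribute`, the `"Form:Action"` key format and the sample users are hypothetical, and the example assumes the role claims are no longer added to the sign-in identity.

```csharp
using System;
using System.Collections.Generic;
using System.Web;
using System.Web.Mvc;

// Hypothetical server-side permission lookup. A real one would query the
// database (with per-user caching); nothing here is stored in the cookie.
public static class PermissionStore
{
    // Constructed sample data: user name -> granted "Form:Action" permissions.
    private static readonly Dictionary<string, HashSet<string>> Grants =
        new Dictionary<string, HashSet<string>>(StringComparer.OrdinalIgnoreCase)
        {
            { "alice", new HashSet<string> { "Invoice:Display", "Invoice:Save" } },
            { "bob",   new HashSet<string> { "Invoice:Display" } }
        };

    public static bool IsAllowed(string userName, string form, string action)
    {
        HashSet<string> perms;
        return userName != null
            && Grants.TryGetValue(userName, out perms)
            && perms.Contains(form + ":" + action);
    }
}

// Hypothetical filter. Usage: [RequirePermission("Invoice", "Save")] on an action.
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = true)]
public sealed class RequirePermissionAttribute : AuthorizeAttribute
{
    private readonly string _form;
    private readonly string _action;

    public RequirePermissionAttribute(string form, string action)
    {
        _form = form;
        _action = action;
    }

    // Deny by default: unauthenticated or unknown users get no access.
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        var user = httpContext.User;
        if (user == null || !user.Identity.IsAuthenticated) return false;
        return PermissionStore.IsAllowed(user.Identity.Name, _form, _action);
    }

    // Signed-in users lacking the permission get 403 instead of a login redirect.
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        if (filterContext.HttpContext.User.Identity.IsAuthenticated)
            filterContext.Result = new HttpStatusCodeResult(403);
        else
            base.HandleUnauthorizedRequest(filterContext);
    }
}
```

Because the check runs on the server for every request, a permission change takes effect immediately rather than at the user's next sign-in.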