Header size issue with Identity server 4


Please Share

I have been working on a project recently. It was an ASP .net core MVC plugin to our application. The plugin would connect to an Identity Server 4 to authenticate the user before allowing them access to the plugin.

I followed the tutorials on identity server website exactly yet i was getting this strange error message from Kong


Headers to big

upstream sent too big header while reading response header from upstream

Fast forward a few hours. The problem was that the cookie returned by Identity server 4 was huge. The cookiechunker was chomping it up into 4000 kb bites and there were two of them so that gave me headers grater than 8000 kb which kong was not having.

Everything i read on line said that we should set up the default size in to be

proxy_buffers 8 16k; # Buffer pool = 8 buffers of 16k
proxy_buffer_size 16k; # 16k of buffers from pool used for headers

Our system admin was opposed to this his thinking was that it would continue to grow and then he would have to set it up again.

So i went looking for another solution. Which i found within this article Cookie size and cookie authentication in ASP.NET Core and this Git project MemoryCacheTicketStore.cs

Solution

The Cookie authentication has an option called SessionStore. BINGO! This allows us to store the it as a session rather than in the headers!


services.AddAuthentication(options =>
                {
                    options.DefaultScheme = "Cookies";
                    options.DefaultChallengeScheme = "oidc";
                })
                .AddCookie("Cookies", options => options.SessionStore = new MemoryCacheTicketStore())
                .AddOpenIdConnect("oidc", options =>
                {
                    options.SignInScheme = "Cookies";

                    options.Authority = Configuration["ServiceSettings:IdentityServerEndpoint"];
                    options.RequireHttpsMetadata = false;

                    options.ClientId = Configuration["ServiceSettings:ClientId"];
                    options.ClientSecret = Configuration["ServiceSettings:secret"];
                    options.ResponseType = "code id_token";

                    options.SaveTokens = true;
                    options.GetClaimsFromUserInfoEndpoint = true;

                    options.Scope.Add("testapi");
                    options.Scope.Add("offline_access");
                });

public class MemoryCacheTicketStore : ITicketStore
    {
        private readonly int _expireInHours = 1;
        private const string KeyPrefix = "AuthSessionStore-";
        private IMemoryCache _cache;

        public MemoryCacheTicketStore()
        {
            _cache = new MemoryCache(new MemoryCacheOptions());
        }

        public async Task StoreAsync(AuthenticationTicket ticket)
        {
            var key = $"{KeyPrefix}{Guid.NewGuid()}";
            await RenewAsync(key, ticket);
            return key;
        }

        public Task RenewAsync(string key, AuthenticationTicket ticket)
        {
            var options = new MemoryCacheEntryOptions();
            var expiresUtc = ticket.Properties.ExpiresUtc;
            if (expiresUtc.HasValue)
                options.SetAbsoluteExpiration(expiresUtc.Value);

            options.SetSlidingExpiration(TimeSpan.FromHours(_expireInHours));

            _cache.Set(key, ticket, options);
            
            return Task.FromResult(0);
        }

        public Task RetrieveAsync(string key)
        {
            _cache.TryGetValue(key, out AuthenticationTicket ticket);
            return Task.FromResult(ticket);
        }

        public Task RemoveAsync(string key)
        {
            _cache.Remove(key);
            return Task.FromResult(0);
        }
    }

Conclusion

If you are having an issue with the size of your headers in Identity Server 4 it is possible to store the data as a season rather than in headers. You will need to create your own implementation of ITicketStore.

Please Share


Linda Lawton

About Linda Lawton

My name is Linda Lawton I have more than 20 years experience working as an application developer and a database expert. I have also been working with Google APIs since 2012 and I have been contributing to the Google .Net client library since 2013. In 2013 I became a a Google Developer Experts for Google Analytics.

Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.