I have a .Net Core 6 MVC application that uses Auth0 for authentication. When I run it from Visual Studio 2022 it starts up and I can successfully authenticate using the Auth0 login page.
But when I publish the application to IIS, startup fails prior to login accessing the /callback URL with error message “Bad Request – Request Too Long. HTTP Error 400.” The size of the request headers is too long.” Using Fiddler, I see the request headers for the /callback URL has 41 AspNetCore.Correlation cooking and 41 AspNetCore.OpenIDConnect.Nonce cookies. The problem happens when hosted in IIS on either Windows Server 2012 R2 or Windows Server 2019.
But, when executing the application from Visual Studio, the /callback endpoint is not accessed until after a login attempt, so I don’t know why the /callback URL is being requested prior to login when hosted in IIS.
FWIW, I have a .Net Core 2.2 version of the same application that works/authenticates normally when run from either Visual Studio 2019 or hosted in IIS on either Windows Server 2012 R2 or Windows Server 2019.
Any help is appreciated!