We created an ASP.NET MVC application that uses Windows Authentication. We now have the problem that we have some users who get the following error message when accessing the site:
HTTP Error 400. The size of the request headers is too long.
This seems to be due to the users being in too many Active Directory groups.
I already did the following:
I added the following registry keys on the server that is running the web-application:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters\MaxFieldLength ==> 65536
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters\MaxRequestBytes ==> 16777216
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Lsa\Parameters\MaxTokenSize ==> 65535
I also set the following registry key on the client computer via which I accessed the web-application:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Lsa\Parameters\MaxTokenSize ==> 65535
I then restarted all the computers and tried accessing the web-application again. I am still getting the above error message.
Does anybody have an idea what I can do? How can I further debug and analyze this problem?