错误 HTTP 400:标头请求的大小太长 通常是由于Cookie过多或太大.

Azure AD B2C的登录通过login.microsoftonline.com，几乎每个Microsoft服务(O365，Azure等)都通过.因此，如果您在这些服务中已经登录了多个帐户，则说明您正在积累Cookie，这将导致此问题.

Azure AD B2C's login goes through login.microsoftonline.com, as does almost every Microsoft service (O365, Azure, etc). So if you've got several accounts that you've signed in to across these services, you're accumulating cookies that will cause this problem.

与最终用户相比，这对于开发人员而言更频繁发生，因为开发人员使用其公司帐户(也许还使用B2C管理员帐户)登录到Azure门户，然后通过多次登录测试其B2C驱动的应用程序.

This is bound to happen much more frequently to developers than end users as developers are logging in to the Azure portal with their corporate account, maybe also with a B2C admin account and then testing out their B2C-powered app with multiple logins.

从长远来看，答案将是允许Azure AD B2C客户指定他们自己的自定义域.这使应用程序的B2C Cookie与login.microsoftonline.com中的所有其他内容隔离开来.截至2019年6月23日，此功能仍在开发中.您可以在Azure AD B2C反馈论坛中对该功能进行投票来支持该功能并跟踪其进度:

In the long term, the answer will be to allow Azure AD B2C customers to specify their own custom domain. This gives the application's B2C cookies isolation from everything else in login.microsoftonline.com. As of 2019-06-23, this feature is still under development. You can support this feature and keep track of its progress by voting for it in the Azure AD B2C feedback forum: Customer-owned domains

但是，在此期间，您可以探索两件事:

1. 清除Cookie .这肯定会每次都起作用，而且非常麻烦，尤其是如果将其呈现给您的最终用户.

1. Clear your cookies. This will definitely work every time, it's just cumbersome, especially if presented to your end users.

限制您在令牌中包含的声明数量.您

Limit the amount of claims you include in your token. The more attributes you include in your policy, you'll end up with longer http requests which give you less margin for cookies from other Microsoft properties

注意:这与以下问题相同:

Note: This is the same question as: http 400: size of header request is too long when signing in user using Multifactor authentication

Azure AD B2C允许您使用b2clogin. com 而不是login.microsoftonline.com，它将大大减少您对该问题的暴露程度，因为您将不再与其他Microsoft服务共享Cookie.

Azure AD B2C allows you to use b2clogin.com instead of login.microsoftonline.com which will reduce your substantially reduce your exposure to this issue as you'll no longer share cookies with other Microsoft services.