aspnetcore: Random: The antiforgery token could not be decrypted.

From @zulander1 on Tuesday, 18 September 2018 23:44:52

Issue Title

Hello,

We are getting random: The antiforgery token could not be decrypted.

Site is running on IIS on Windows 2016, the authentication is Azure AD, and the application is running on .NET Core 2.1.4. No error is generated on the development site.

I am not too sure where to start… Thanks

fail: Microsoft.AspNetCore.Antiforgery.Internal.DefaultAntiforgery[7]
      An exception was thrown while deserializing the token.
Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: The antiforgery token could not be decrypted. ---> System.Security.Cryptography.CryptographicException: The key {9009f561-0974-426e-8d3a-00fb5ce76e95} was not found in the key ring.
   at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.UnprotectCore(Byte[] protectedData, Boolean allowOperationsOnRevokedKeys, UnprotectStatus& status)
   at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.DangerousUnprotect(Byte[] protectedData, Boolean ignoreRevocationErrors, Boolean& requiresMigration, Boolean& wasRevoked)
   at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.Unprotect(Byte[] protectedData)
   at Microsoft.AspNetCore.Antiforgery.Internal.DefaultAntiforgeryTokenSerializer.Deserialize(String serializedToken)
   --- End of inner exception stack trace ---
   at Microsoft.AspNetCore.Antiforgery.Internal.DefaultAntiforgeryTokenSerializer.Deserialize(String serializedToken)
   at Microsoft.AspNetCore.Antiforgery.Internal.DefaultAntiforgery.GetCookieTokenDoesNotThrow(HttpContext httpContext)

Copied from original issue: dotnet/core#1947

About this issue

  • State: closed
  • Created 6 years ago
  • Comments: 26 (13 by maintainers)

Most upvoted comments

Don’t make the same mistake I was making: if you log in on your machine and then change the machine (e.g. use Docker) and keep using the same domain/port, then you must clear the browser cache or it will try to use a key generated on the previous machine.

Yea, there’s the problem

[20:04:57 WRN] Using an in-memory repository. Keys will not be persisted to storage.
[20:04:57 WRN] Neither user profile nor HKLM registry available. Using an ephemeral key repository. Protected data will be unavailable when application exits.

The solution can be different: if you don’t want the overhead of loading the profile, you can run a PowerShell script, as described in the deployment docs, or you can pick a file system directory and configure it manually.
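One way to do the "pick a file system directory and configure it manually" option from the comment above, added here as an example (not code from this thread or from the aspnetcore project). The `DataProtection:KeyDirectory` setting name and the `example-app` application name are assumptions.

```csharp
using System;
using System.IO;
using System.Runtime.InteropServices;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    private readonly IConfiguration _config;
    public Startup(IConfiguration config) => _config = config;

    public void ConfigureServices(IServiceCollection services)
    {
        // Assumed setting name. Point it at a directory that only the
        // app pool / service account can read and write.
        var keyDir = _config["DataProtection:KeyDirectory"];
        if (string.IsNullOrWhiteSpace(keyDir))
        {
            // Fail at startup instead of silently falling back to the
            // ephemeral in-memory key ring reported in the warnings above.
            throw new InvalidOperationException(
                "DataProtection:KeyDirectory is not configured.");
        }

        var dataProtection = services.AddDataProtection()
            // Keys survive app pool recycles, redeployments and reboots.
            .PersistKeysToFileSystem(Directory.CreateDirectory(keyDir))
            // Assumed name. Every instance that must read the same
            // antiforgery/auth cookies needs the same application name
            // and the same key directory.
            .SetApplicationName("example-app");

        if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
        {
            // Encrypt key files at rest. Machine-scoped DPAPI works without
            // a loaded user profile, but the files cannot be decrypted on
            // another machine. For a load-balanced farm use
            // ProtectKeysWithCertificate(...) with a shared certificate.
            dataProtection.ProtectKeysWithDpapi(protectToLocalMachine: true);
        }

        services.AddMvc();
    }

    public void Configure(IApplicationBuilder app) => app.UseMvc();
}
```

After a restart with this configuration, the "Using an in-memory repository" warning should no longer appear in the startup log, and key files should appear in the configured directory.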

This just occurred (and wasted lots of effort troubleshooting) on ASP.NET Core 2.2 on Ubuntu 16.04 LTS. Was not occurring during development on localhost (Win10 Pro). Application went from lightning fast to 5+ seconds per page load which led me to the logs. Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: The antiforgery token could not be decrypted. ---> System.Security.Cryptography.CryptographicException: The key {b876deca-1593-40bf-97a6-eb5b6466f40d} was not found in the key ring. Seemingly disabled [ValidateAntiForgeryToken] and still received errors in logs on every single request as well as “The application completed without reading the entire request body…”. Cleared cookies, no dice. Finally, rebooted server - immediately resolved issue.

Is the site load balanced across multiple instances? Or does this happen sometimes after a recent deployment?