[英]Using Antiforgery in ASP.NET Core and got error - the antiforgery token could not be decrypted
My ASP.Net Core MVC application have added Antiforgery middleware like below:我的 ASP.Net Core MVC 应用程序添加了Antiforgery中间件,如下所示:
startup.cs启动.cs
services.AddMvc();
services.AddSession();
services.AddCaching();
services.AddSession(o =>
{
o.IdleTimeout = TimeSpan.FromMinutes(120);
});
services.AddAntiforgery();
I've added below in the view and controller我在下面的视图中添加了 controller
View:看法:
<form action="/Home/Login" method="post" id="staff-login" autocomplete="off">
@Html.AntiForgeryToken()
...
Controller Controller
[HttpPost, ValidateAntiForgeryToken]
public IActionResult Login(IFormCollection formCollection)
{...}
The problem is users always get below when users come across different forms.问题是当用户遇到不同的 forms 时,用户总是低于。
System.InvalidOperationException: The antiforgery token could not be decrypted. System.InvalidOperationException:无法解密防伪令牌。 ---> System.Security.Cryptography.CryptographicException: The key {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} was not found in the key ring. ---> System.Security.Cryptography.CryptographicException:在密钥环中找不到密钥 {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}。
I found a solution which suggests setting a static pair of validation/decryption key in the web.config but it seems this solution is only for classic asp.net application.我找到了一个解决方案,建议在 web.config 中设置一对 static 验证/解密密钥,但似乎该解决方案仅适用于经典的 asp.net 应用程序。 How should I do in ASP.Net core?在 ASP.Net 核心中我应该怎么做?
I've had exactly that error on a ASP .net core app hosted on a linux container.我在 linux 容器上托管的 ASP .net 核心应用程序上遇到了那个错误。
From the docs it would seem if you don't meet certain criteria the keys are only persisted in the process - but that even for me was not working.从文档看来,如果您不符合某些标准,密钥只会在过程中保留 - 但即使对我来说也不起作用。
First the error occurred with the default setup.首先,默认设置发生错误。
I then added specific configuration for the keys on the filesystem:然后我为文件系统上的键添加了特定的配置:
services.AddDataProtection()
.PersistKeysToFileSystem(new System.IO.DirectoryInfo(@"/var/my-af-keys/"));
This also didn't fix the issue I had to set an application name:这也没有解决我必须设置应用程序名称的问题:
services.AddDataProtection()
.SetApplicationName("fow-customer-portal")
.PersistKeysToFileSystem(new System.IO.DirectoryInfo(@"/var/dpkeys/"));
I haven't confirmed but its possible nature of the LXC hosting means .net core cannot persist the identity of the app.我尚未确认,但 LXC 托管的可能性质意味着 .net 核心无法保留应用程序的身份。
I've had this because I started using the application on a localhost port and then was trying to use it in docker with the same port.我有这个是因为我开始在本地主机端口上使用该应用程序,然后尝试在具有相同端口的 docker 中使用它。 By then I had cookies that specified the key generated by my machine, so It wouldn't work on docker.到那时我已经有了 cookie 指定了我的机器生成的密钥,所以它在 docker 上不起作用。
TL;DR clear your cookies if you ever used that domain/port from other machines. TL;DR如果您曾经使用过来自其他机器的域/端口,请清除您的 cookie。
What worked for me was using a new user account instead of NETWORK SERVICE as the error message included this:对我有用的是使用新用户帐户而不是网络服务,因为错误消息包括:
System.UnauthorizedAccessException: Access to the path 'C:\\Windows\\system32\\config\\systemprofile' is denied. System.UnauthorizedAccessException: 拒绝访问路径“C:\\Windows\\system32\\config\\systemprofile”。
AWS, Azure and Google Cloud have libraries to make use of their data stores. AWS、Azure 和谷歌云都有库来利用他们的数据存储。
Azure and also to make use of Redis: https://docs.microsoft.com/en-us/aspnet/core/security/data-protection/implementation/key-storage-providers?view=aspnetcore-6.0&tabs=visual-studio Azure and also to make use of Redis: https://docs.microsoft.com/en-us/aspnet/core/security/data-protection/implementation/key-storage-providers?view=aspnetcore-6.0&tabs=visual-工作室
AWS: https://aws.amazon.com/blogs/developer/aws-ssm-asp-net-core-data-protection-provider/ AWS: https://aws.amazon.com/blogs/developer/aws-ssm-asp-net-core-data-protection-provider/
services
.AddDataProtection()
.PersistKeysToAWSSystemsManager("/App/DataProtection")
.UseCryptographicAlgorithms(
new AuthenticatedEncryptorConfiguration
{
EncryptionAlgorithm = EncryptionAlgorithm.AES_256_CBC,
ValidationAlgorithm = ValidationAlgorithm.HMACSHA256
}
);
我在 azure 上运行 .net core 5 应用程序的 linux 容器中遇到了类似的问题,并以私有模式打开浏览器解决了这个问题。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.