asp.net core 2.0部署 - InvalidOperationException:无法解密防伪令牌
[英]asp.net core 2.0 deployment - InvalidOperationException: The antiforgery token could not be decrypted
问题描述
Recently I developed a asp.net core 2.0 web app in my company and in debug mode works perfect, however when I deployed in our testing server into IIS and we try to execute from a client machine it ran into a problem: 
最近我在我的公司开发了一个asp.net core 2.0 web应用程序,并且在调试模式下工作完美,但是当我在我们的测试服务器中部署到IIS并且我们尝试从客户端机器执行时遇到了一个问题:
An unhandled exception occurred while processing the request.
CryptographicException: The key {0851ad3b-df33-4cf7-8c3a-5c637adaa713} was not found in the key ring.
Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.UnprotectCore(Byte[] protectedData, bool allowOperationsOnRevokedKeys, out UnprotectStatus status)
InvalidOperationException: The antiforgery token could not be decrypted.
Microsoft.AspNetCore.Antiforgery.Internal.DefaultAntiforgeryTokenSerializer.Deserialize(string serializedToken)
The problem starts when I submmit login page. 当我提交登录页面时,问题就开始了。 I investigated links with same problems here and other blogs, but I found that has to be with ValidateAntiForgeryToken and solution is related with Microsoft.AspNetCore.DataProtection. 我在这里和其他博客调查了相同问题的链接,但我发现必须使用ValidateAntiForgeryToken并且解决方案与Microsoft.AspNetCore.DataProtection相关。 I added nuget package Microsoft.AspNetCore.DataProtection.Redis to my project and I added in ConfigureServices of startup class following code: 我将nuget包Microsoft.AspNetCore.DataProtection.Redis添加到我的项目中,我在启动类的ConfigureServices中添加了以下代码:
var redis = ConnectionMultiplexer.Connect("192.168.10.151:80");
services.AddDataProtection().PersistKeysToRedis(redis, "DataProtection-Keys");
services.AddOptions();
Our testing server ip is 192.168.10.151, however app throws following exception: 我们的测试服务器ip是192.168.10.151,但app抛出以下异常:
RedisConnectionException: It was not possible to connect to the redis server(s); to create a disconnected multiplexer, disable AbortOnConnectFail. InternalFailure on PING
¿Why it doesn't connect since is resolving in the same web app server? ¿为什么它没有连接,因为在同一个Web应用服务器中解析? ¿Where is DataProtection-Keys database located? ¿DataProtection-Keys数据库位于何处?
as a workaround, I changed method by using PersistKeysToFileSystem as follows: 作为一种解决方法,我使用PersistKeysToFileSystem更改了方法,如下所示:
services.AddDataProtection()
.SetApplicationName("myapp-portal")
.PersistKeysToFileSystem(new System.IO.DirectoryInfo (@"c:\ProgramData\dpkeys"));
However running app in test server 192.168.10.151, when login form is submitted, goes back to login page. 但是,在测试服务器192.168.10.151中运行应用程序时,提交登录表单时,将返回登录页面。 Checking stdout log file, only shows: 检查stdout日志文件,只显示:
Hosting environment: Production Content root path: C:\\inetpub\\wwwroot\\OmniPays Now listening on: http://localhost:30064 Application started. 托管环境:生产内容根路径:C:\\ inetpub \\ wwwroot \\ OmniPays现在正在侦听: http:// localhost:30064应用程序已启动。 Press Ctrl+C to shut down. 按Ctrl + C关闭。
Checking network messages by chrome's developers tools I noticed something: 通过chrome的开发人员工具检查网络消息我注意到了一些事情:
Request URL: http://192.168.10.151/OmniPays/Account/Login Request Method: POST Status Code: 302 Found Remote Address: 192.168.10.151:80 Referrer Policy: no-referrer-when-downgrade 请求网址: http : //192.168.10.151/OmniPays/Account/Login请求方法:POST状态码:302找到远程地址:192.168.10.151:80推荐人政策:no-referrer-when-downgrade
and then ... 接着 ...
Request URL: http://192.168.10.151/OmniPays/Home/Main Request Method: GET Status Code: 302 Found Remote Address: 192.168.10.151:80 Referrer Policy: no-referrer-when-downgrade 请求网址: http : //192.168.10.151/OmniPays/Home/Main请求方法:GET状态代码:302找到远程地址:192.168.10.151:80推荐人政策:no-referrer-when-downgrade
AccountController's Login action redirect request to HomeController's Main action only if authentication succeded, and Main action has [Authorize] attribute. 只有在身份验证成功且主操作具有[Authorize]属性时,AccountController的Login操作才会将请求重定向到HomeController的主要操作。 For some reasons I can't achieve understand, Main action fails and return to Login page. 由于某些原因我无法理解,主要操作失败并返回登录页面。 URL in chrome shows: http://192.168.10.151/OmniPays/Account/Login?ReturnUrl=%2FOmniPays%2FHome%2FMain Chrome中的网址显示: http : //192.168.10.151/OmniPays/Account/Login?ReturnUrl =%2FOmniPays%2FHome%2FMain
I'm using Microsoft Identity. 我正在使用Microsoft身份。 In debug mode works fine and if I deploy app in my local PC on IIS also works fine. 在调试模式下工作正常,如果我在IIS上的本地PC上部署应用程序也可以正常工作。 ¿Maybe any SDK is missing in the server? ¿也许服务器中缺少任何SDK?
Please need help!! 请帮忙!
1 个解决方案
解决方案1
2 2018-06-05 16:45:55
Solution was found! 解决方案被发现! the cause of problem was not in IIS neither the Server, connection to the server is using http rather than https, no certifies involved to validate secure connection, however testing in differents servers app works ok, so I felt really disappointed. 问题的原因不在于IIS既不是服务器,也不是服务器的连接使用http而不是https,没有认证涉及验证安全连接,但是在不同服务器应用程序中的测试工作正常,所以我感到非常失望。 Solution was to remove cookies an any data related with this URL pointing to Development Server (failing) in all browsers, data that was previously stored, and voila!!, now app works perfect. 解决方案是删除cookie,与此URL相关的任何数据指向所有浏览器中的Development Server(失败),以前存储的数据,以及瞧!!现在应用程序完美无缺。 By default, as bhmahler comments data protection is made in memory and I left configuration by default, I mean, not explicitly persistence in redis nor PersistKeysToFileSystem and works fine, however is important to set DataProtection to strong data sensitive protection. 默认情况下,正如bhmahler评论数据保护是在内存中进行的,我默认情况下保留配置,我的意思是,不是在redis中明确持久化,也不是PersistKeysToFileSystem并且工作正常,但是将DataProtection设置为强数据敏感保护非常重要。
I'm newbie about these topics and It's unbelievable such a simple thing caused on me that waste of time. 我是关于这些主题的新手,令人难以置信的是这样一件简单的事情让我浪费时间。 Thanks to all!. 谢谢大家!。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.