[英]Using Antiforgery in ASP.NET Core and got error - the antiforgery token could not be decrypted
[英]An exception was thrown while deserializing the token.The antiforgery token could not be decrypted in .Net Core 2.2 application
我的日志中出现错误。 我花了大部分时间寻找解决方案,但找不到满足我要求的解决方案。
这是日志错误
severity=[ERROR], ipaddress=xxxx, subprocess=Microsoft.AspNetCore.Antiforgery.Internal.DefaultAntiforgery, description=反序列化令牌时引发异常。 Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException:无法解密防伪令牌。 ---> System.Security.Cryptography.CryptographicException:在密钥环中找不到密钥 {xxxxxxxxxx}。 at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.UnprotectCore(Byte[] protectedData, Boolean allowOperationsOnRevokedKeys, UnprotectStatus& status) at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.DangerousUnprotect(Byte[] protectedData, Boolean ignoreRevocationErrors, Boolean& requiresMigration, Boolean& wasRevoked ) 在 Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.Unprotect(Byte[] protectedData) 在 Microsoft.AspNetCore.Antiforgery.Internal.DefaultAntiforgeryTokenSerializer.Deserialize(String serializedToken) 在 Microsoft.AspNetCore.Antiforgery.Internal.DefaultAntiforgeryTokenSerializer.Deserialize(String serializedToken) ) 在 Microsoft.AspNetCore.Antiforgery.Internal.DefaultAntiforgery.GetCookieTokenDoesNotThrow(HttpContext httpContext)
"Certificates": {
"StoreName": "My",
"StoreLocation": "LocalMachine"
"SerialNumber": "xxxxxxxxxxxx"
},
private X509Certificate2 LCertificate()
{
var storeName = Configuration["Certificates:StoreName"];
var storeLocation = Configuration["Certificates:StoreLocation"];
string serialNumber = Configuration["Certificates: SerialNumber"];
using(X509Store store = new X509Store(storeName,storeLocation))
{
var certificates = store.Certificates
.Find(X509FindType.FindBySerialNumber,
serialNumber,
acceptValidCertOnly);
return certificates[0];
}
}
public void ConfigureServices(IServiceCollection services)
{
services.AddIdentityServer
.AddSigningCredential(new X509Certificate2(LCertificate()))
}
[HttpPost]
[ValidateAntiForgeryToken]
public async Task<IActionResult> Login(LoginModel model)
{
如果
当用户从服务器 A 请求带有表单的页面,然后将表单提交到服务器 B 时,就会发生这种情况。
它也可能发生在单个 IIS 服务器上,如果
原因是重新启动会导致新的密钥环加载到 memory 中,并且表单内的防伪密钥不再有效。
通过检查应用程序池中的“加载用户配置文件”,可以在 IIS 中修复后一种情况。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.