Open Closed

Error 400 on log out and log in #10325


0
Leonardo.Willrich created

Prerequisites

  • What is your product version? 8.6
  • What is your product type (Angular or MVC)? MVC
  • What is product framework type (.net framework or .net core)? .net core

Hi,

I am getting error 400 (bad request) when the user is logging out and logging in again. It is intermittent, sometimes it works fine and sometimes not. If the user presses F5 in the Login form, it works again.

In the log file I am getting this error:

ERROR 2021-05-17 14:16:06,099 [121 ] idateAntiforgeryTokenAuthorizationFilter - The provided antiforgery token was meant for a different claims-based user than the current user. Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: The provided antiforgery token was meant for a different claims-based user than the current user. at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery.ValidateTokens(HttpContext httpContext, AntiforgeryTokenSet antiforgeryTokenSet) at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery.ValidateRequestAsync(HttpContext httpContext) at Abp.AspNetCore.Mvc.Antiforgery.AbpValidateAntiforgeryTokenAuthorizationFilter.OnAuthorizationAsync(AuthorizationFilterContext context)


15 Answer(s)
  • 0
    ismcagdas created
    Support Team

    Hi @Leonardo.Willrich

    Could you check the cookies on the browser when you get this error ? Are there more than 1 cookies about anti forgery ?

  • 0
    Leonardo.Willrich created

    Hi ismcagdas,

    I have just 1 cookie for anti forgery. I can reproduce in other machines as well!

  • 0
    musa.demir created
    Support Team

    Hi @Leonardo.Willrich

    I could not reproduce it. Can you please share a project that contains that problem? You can sent it to support@aspnetzero.com with issue number.

  • 0
    Leonardo.Willrich created

    Hi musa.demir,

    Unfortunately, I am not authorized to send you the project. Also, it will depend on external databases, so you will not be able to run the application. Would be possible we arrange a remote session on my local machine?

  • 0
    ismcagdas created
    Support Team

    Hi Leonardo,

    I have created an issue about this, please follow https://github.com/aspnetzero/aspnet-zero-core/issues/3930. We will try to reproduce this on our side first.

  • 0
    Leonardo.Willrich created

    Hi ismcagdas,

    Ok, no problems! Just don't forget that I'am using version 8.6 aspnet .core + JQuery. If you need further information just let me know.

  • 0
    ismcagdas created
    Support Team

    @Leonardo.Willrich sure, we will do.

  • 0
    Leonardo.Willrich created

    Any progress? Have you reproduced that issue?

  • 0
    musa.demir created
    Support Team

    Hi @Leonardo.Willrich

    You can follow the progress here: https://github.com/aspnetzero/aspnet-zero-core/issues/3930

  • 0
    ismcagdas created
    Support Team

    Hi @Leonardo.Willrich

    Could you apply changes in https://github.com/aspnetzero/aspnet-zero-core/pull/3939/files to your project and see if it works ?

  • 0
    ismcagdas created
    Support Team

    Hi @Leonardo.Willrich

    I tried many times but couldn't reproduce this on locally. Are you able to reproduce it locally ? If so, could you share the steps ?

  • 0
    Leonardo.Willrich created

    Hi ismcagdas,

    I'll check that and I'll be back to you. I'm quite busy atm with another project, but hopefully I'll find some time to reproduce that agian by tomorrow or the the day after tomorrow.

  • 0
    ismcagdas created
    Support Team

    Thanks a lot :)

  • 0
    Leonardo.Willrich created

    Hi ismcagdas, I can only reproduce the issue when the website is published and deployed in a IIS server. If I am running locally with IIS Express the issue doesn't happen. I'll try the changes as suggested here: https://support.aspnetzero.com/QA/Questions/10325#answer-93b82c90-0d0d-949c-8de5-39fdc150f354

  • 0
    Leonardo.Willrich created

    Ismcagdas,

    After code implemented, it seems that the issue has been resolved. I could reproduce one more time, but, after login page refresh, I am no longer to reproduce that. Thank you for your help!