Open Closed

An exception was thrown while deserializing the token. Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: The antiforgery token could not be decrypted. #11025


0
dexter.cunanan created
  • ASP.net Core 3.1
  • Angular -.net core
  • 3.1

Were receiving this exception multiple time in our Host service:

An exception was thrown while deserializing the token. Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: The antiforgery token could not be decrypted.

We're seeing increase in CPU usage as well and not sure if it is related.

Our app is hosted on multiple Servers. Not sure if shared data protection is configured or sticky sessions is used.


4 Answer(s)
  • 0
    ismcagdas created
    Support Team

    Hi @dexter.cunanan

    Normally Angular app doesn't use Antiforgery validation. Angular app also uses token, so it shouldn't cause a problem related to multiple deployment.

    Is it possible to share the entire stack trace for this error ?

    Thanks,

  • 1
    sedulen created

    Hi @dexter.cunanan

    what technology are you using for your host service? are you deploying using Docker, by chance?

    I have seen cases where DataProtection defaults to the local file system, but still fails to work properly on Docker container instances, even if you are running just a single instance.

    https://docs.microsoft.com/en-us/aspnet/core/security/data-protection/configuration/overview?view=aspnetcore-6.0

    https://docs.microsoft.com/en-us/aspnet/core/security/data-protection/configuration/default-settings?view=aspnetcore-6.0

    When hosting in a Docker container, keys should be persisted in a folder that's a Docker volume (a shared volume or a host-mounted volume that persists beyond the container's lifetime) or in an external provider, such as Azure Key Vault or Redis. An external provider is also useful in web farm scenarios if apps can't access a shared network volume (see PersistKeysToFileSystem for more information).

    @ismcagdas - does the ABP / ANZ framework call .AddDataProtection anywhere? I can see the DataProtection assemblies referenced, but I can't find anything in the ABP source code on github that calls .AddDataProtection.

    -Brian

  • 0
    ismcagdas created
    Support Team

    Hi @dexter.cunanan

    Did you solve your problem ?

  • 0
    kansoftware created

    @ismcagdas We are facing same issue while deploying the application on AWS We have 2 server having same application in asp.net core MVC with jquery version and getting this error

    regards, Harshit