An exception was thrown while deserializing the token.The antiforgery token could not be decrypted in .Net Core 2.2 application
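I am getting an error in my logs. I spent most of a day looking for a solution, but could not find one that meets my requirements.

Here is the log error:
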
severity=[ERROR], ipaddress=xxxx,
subprocess=Microsoft.AspNetCore.Antiforgery.Internal.DefaultAntiforgery,
description=An exception was thrown while deserializing the token.
Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: The
antiforgery token could not be decrypted. --->
System.Security.Cryptography.CryptographicException: The key
{xxxxxxxxxx} was not found in the key ring. at
Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.UnprotectCore(Byte[]
protectedData, Boolean allowOperationsOnRevokedKeys, UnprotectStatus&
status) at
Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.DangerousUnprotect(Byte[]
protectedData, Boolean ignoreRevocationErrors, Boolean&
requiresMigration, Boolean& wasRevoked) at
Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.Unprotect(Byte[]
protectedData) at
Microsoft.AspNetCore.Antiforgery.Internal.DefaultAntiforgeryTokenSerializer.Deserialize(String
serializedToken) at
Microsoft.AspNetCore.Antiforgery.Internal.DefaultAntiforgeryTokenSerializer.Deserialize(String
serializedToken) at
Microsoft.AspNetCore.Antiforgery.Internal.DefaultAntiforgery.GetCookieTokenDoesNotThrow(HttpContext
httpContext)

    "Certificates": {
      "StoreName": "My",
      "StoreLocation": "LocalMachine",
      "SerialNumber": "xxxxxxxxxxxx"
    },

    private X509Certificate2 LCertificate()
    {
        var storeName = Configuration["Certificates:StoreName"];
        // The X509Store constructor takes a StoreLocation enum, not a string.
        var storeLocation = Enum.Parse<StoreLocation>(Configuration["Certificates:StoreLocation"]);
        string serialNumber = Configuration["Certificates:SerialNumber"];
        using (X509Store store = new X509Store(storeName, storeLocation))
        {
            // The store must be opened before its certificates can be read.
            store.Open(OpenFlags.ReadOnly);
            // acceptValidCertOnly is a bool declared elsewhere (not shown in the post).
            var certificates = store.Certificates
                .Find(X509FindType.FindBySerialNumber,
                      serialNumber,
                      acceptValidCertOnly);
            return certificates[0];
        }
    }

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddIdentityServer()
            .AddSigningCredential(new X509Certificate2(LCertificate()));
    }

    [HttpPost]
    [ValidateAntiForgeryToken]
    public async Task<IActionResult> Login(LoginModel model)
    {
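
If
- your app is hosted on multiple servers
- shared data protection has not been configured
- you are not using sticky sessions
then this will happen when a user requests a page with a form from server A and later submits the form to server B.

It may also happen on a single IIS server if
- a user requests a page with a form
- you restart the server
- the user submits the form
The reason is that a restart causes a new key ring to be loaded into memory, and the antiforgery key inside the form is no longer valid.
The latter case can be fixed in IIS by checking "Load User Profile" in the application pool.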
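
Added example, not part of the original question or answer: a console program that reproduces the "key was not found in the key ring" failure with two simulated servers that keep separate key rings, then shows the same round trip succeeding once both persist keys to one shared directory. The directory names, application name and purpose string are constructed for the demo, and it assumes the Microsoft.AspNetCore.DataProtection and Microsoft.Extensions.DependencyInjection NuGet packages.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.Extensions.DependencyInjection;

static class KeyRingDemo
{
    // One simulated server: its own DI container, reading and writing keys in keyDir.
    static IDataProtector BuildNode(string keyDir)
    {
        var services = new ServiceCollection();
        services.AddDataProtection()
                // With an explicit location, keys are no longer encrypted at rest
                // automatically; in production add ProtectKeysWithCertificate(...)
                // or another ProtectKeysWith* call.
                .PersistKeysToFileSystem(new DirectoryInfo(keyDir))
                .SetApplicationName("DemoApp"); // constructed; must match on every node
        return services.BuildServiceProvider()
                       .GetRequiredService<IDataProtectionProvider>()
                       .CreateProtector("Demo.FormToken"); // constructed purpose string
    }

    // The issuer protects a payload (the form token); the validator tries to read it.
    static bool CanRoundTrip(IDataProtector issuer, IDataProtector validator)
    {
        string token = issuer.Protect("form-token");
        try { return validator.Unprotect(token) == "form-token"; }
        catch (CryptographicException ex)
        {
            Console.WriteLine("  " + ex.Message);
            return false;
        }
    }

    static void Main()
    {
        string root = Path.Combine(Path.GetTempPath(), "dp-demo-" + Guid.NewGuid().ToString("N"));
        string shared = Path.Combine(root, "shared");

        Console.WriteLine("Separate key rings (server A issues, server B validates):");
        Console.WriteLine("  ok = " + CanRoundTrip(BuildNode(Path.Combine(root, "serverA")),
                                                   BuildNode(Path.Combine(root, "serverB"))));
        Console.WriteLine("Shared key ring (also covers a restart of a single server):");
        Console.WriteLine("  ok = " + CanRoundTrip(BuildNode(shared), BuildNode(shared)));

        Directory.Delete(root, recursive: true); // remove the demo key files
    }
}
```

In an ASP.NET Core application the same `AddDataProtection()` chain goes in `ConfigureServices`, with the key directory on storage that every server can reach.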