Question
The antiforgery token could not be decrypted. .net core with Dokku - keys mismatch
I’m deploying my .NET Core 2.0 app on DigitalOcean using a Dokku droplet. The app starts up without a problem, but when I open it in the browser for the first time, I see this error in the logs:
2018-05-24T15:01:23.926430569Z app[web.1]: warn: Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[35]
2018-05-24T15:01:23.926487523Z app[web.1]: No XML encryptor configured. Key {f4e564e3-5da2-47cd-a06f-8d39bddb01a6} may be persisted to storage in unencrypted form.
2018-05-24T15:01:24.197307356Z app[web.1]: Hosting environment: Production
2018-05-24T15:01:24.197345362Z app[web.1]: Content root path: /app
2018-05-24T15:01:24.197443256Z app[web.1]: Now listening on: http://[::]:80
2018-05-24T15:01:24.197454955Z app[web.1]: Application started. Press Ctrl+C to shut down.
2018-05-24T15:02:10.745668563Z app[web.1]: fail: Microsoft.AspNetCore.Antiforgery.Internal.DefaultAntiforgery[7]
2018-05-24T15:02:10.745704071Z app[web.1]: An exception was thrown while deserializing the token.
2018-05-24T15:02:10.745708502Z app[web.1]: System.InvalidOperationException: The antiforgery token could not be decrypted. ---> System.Security.Cryptography.CryptographicException: The key {d19cfc13-383c-4cbd-a212-2642c0be6ce0} was not found in the key ring.
2018-05-24T15:02:10.745712311Z app[web.1]: at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.UnprotectCore(Byte[] protectedData, Boolean allowOperationsOnRevokedKeys, UnprotectStatus& status)
2018-05-24T15:02:10.745715900Z app[web.1]: at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.DangerousUnprotect(Byte[] protectedData, Boolean ignoreRevocationErrors, Boolean& requiresMigration, Boolean& wasRevoked)
2018-05-24T15:02:10.745719643Z app[web.1]: at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.Unprotect(Byte[] protectedData)
2018-05-24T15:02:10.745722936Z app[web.1]: at Microsoft.AspNetCore.Antiforgery.Internal.DefaultAntiforgeryTokenSerializer.Deserialize(String serializedToken)
2018-05-24T15:02:10.745725892Z app[web.1]: --- End of inner exception stack trace ---
2018-05-24T15:02:10.745728801Z app[web.1]: at Microsoft.AspNetCore.Antiforgery.Internal.DefaultAntiforgeryTokenSerializer.Deserialize(String serializedToken)
2018-05-24T15:02:10.745731780Z app[web.1]: at Microsoft.AspNetCore.Antiforgery.Internal.DefaultAntiforgery.GetCookieTokenDoesNotThrow(HttpContext httpContext)
2018-05-24T15:02:10.747046137Z app[web.1]: fail: Microsoft.AspNetCore.Antiforgery.Internal.DefaultAntiforgery[7]
2018-05-24T15:02:10.747067863Z app[web.1]: An exception was thrown while deserializing the token.
2018-05-24T15:02:10.747136022Z app[web.1]: System.InvalidOperationException: The antiforgery token could not be decrypted. ---> System.Security.Cryptography.CryptographicException: The key {d19cfc13-383c-4cbd-a212-2642c0be6ce0} was not found in the key ring.
2018-05-24T15:02:10.747201004Z app[web.1]: at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.UnprotectCore(Byte[] protectedData, Boolean allowOperationsOnRevokedKeys, UnprotectStatus& status)
2018-05-24T15:02:10.747207847Z app[web.1]: at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.DangerousUnprotect(Byte[] protectedData, Boolean ignoreRevocationErrors, Boolean& requiresMigration, Boolean& wasRevoked)
2018-05-24T15:02:10.747255786Z app[web.1]: at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.Unprotect(Byte[] protectedData)
2018-05-24T15:02:10.747272491Z app[web.1]: at Microsoft.AspNetCore.Antiforgery.Internal.DefaultAntiforgeryTokenSerializer.Deserialize(String serializedToken)
2018-05-24T15:02:10.747385466Z app[web.1]: --- End of inner exception stack trace ---
2018-05-24T15:02:10.747399727Z app[web.1]: at Microsoft.AspNetCore.Antiforgery.Internal.DefaultAntiforgeryTokenSerializer.Deserialize(String serializedToken)
2018-05-24T15:02:10.747403575Z app[web.1]: at Microsoft.AspNetCore.Antiforgery.Internal.DefaultAntiforgery.GetCookieTokenDoesNotThrow(HttpContext httpContext)
When I try posting a login form, I get 400 Bad Request. I spent hours trying different approaches; for example, most recently I tried the following in Startup.cs:
services.AddDataProtection()
    .SetApplicationName("myapp-web")
    .PersistKeysToFileSystem(new System.IO.DirectoryInfo(@"./"));
I also tried .DisableAutomaticKeyGeneration() and deploying the key file with the app, with no success. I tried adding RUN chmod 777 /app to the Dockerfile, with an idea about permissions. Nothing works.
I can clearly see that the key file is being generated with the name key-f4e564e3-5da2-47cd-a06f-8d39bddb01a6.xml, but later, as you can see in the logs above, it’s looking for another key: The key {d19cfc13-383c-4cbd-a212-2642c0be6ce0} was not found in the key ring.
I tried clearing the browser cache and cookies; that doesn’t work. Is this a bug in .NET Core? Why is it looking for a key that is different from the one generated on app start? It works great locally and on other platforms, though. This app was working on Ubuntu before (without Docker), so I have no idea why this behaviour popped up.
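The key mismatch described in the question can be pulled out of the log mechanically. The following is an added example, not part of the original post: it reads Dokku-style log lines and lists, per process, every key ID that Data Protection failed to find next to the key IDs that process announced. The function name correlate_keys and the report fields are assumptions; the sample lines are excerpted from the log in the question.

```python
import re
from collections import defaultdict

# Lines excerpted from the log in the question (stack frames omitted).
SAMPLE_LOG = """\
2018-05-24T15:01:23.926487523Z app[web.1]: No XML encryptor configured. Key {f4e564e3-5da2-47cd-a06f-8d39bddb01a6} may be persisted to storage in unencrypted form.
2018-05-24T15:02:10.745708502Z app[web.1]: System.InvalidOperationException: The antiforgery token could not be decrypted. ---> System.Security.Cryptography.CryptographicException: The key {d19cfc13-383c-4cbd-a212-2642c0be6ce0} was not found in the key ring.
2018-05-24T15:02:10.747136022Z app[web.1]: System.InvalidOperationException: The antiforgery token could not be decrypted. ---> System.Security.Cryptography.CryptographicException: The key {d19cfc13-383c-4cbd-a212-2642c0be6ce0} was not found in the key ring.
"""

# "<timestamp> app[<process>]: <message>" as emitted in the log above.
LINE = re.compile(r"^(?P<ts>\S+)\s+(?P<proc>app\[[^\]]+\]):\s+(?P<msg>.*)$")
GUID = r"\{(?P<key>[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12})\}"
PERSISTED = re.compile(r"Key " + GUID + r" may be persisted to storage")
MISSING = re.compile(r"The key " + GUID + r" was not found in the key ring")


def correlate_keys(log_text):
    """Per process: keys it announced at startup vs. keys it could not find."""
    announced = defaultdict(set)
    missing = defaultdict(dict)
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # stack frames without the prefix, blank lines
        proc, msg, ts = m["proc"], m["msg"], m["ts"]
        created = PERSISTED.search(msg)
        if created:
            announced[proc].add(created["key"].lower())
        lost = MISSING.search(msg)
        if lost:
            entry = missing[proc].setdefault(lost["key"].lower(), {"first_seen": ts, "count": 0})
            entry["count"] += 1
    report = []
    for proc in sorted(missing):
        for key, info in sorted(missing[proc].items()):
            report.append({
                "process": proc, "key": key,
                "first_seen": info["first_seen"], "failures": info["count"],
                "announced_by_process": key in announced[proc],
                "announced_keys": sorted(announced[proc]),
            })
    return report


if __name__ == "__main__":
    for row in correlate_keys(SAMPLE_LOG):
        print(row)
```

A row with announced_by_process set to False means the token names a key that this process did not create at startup, which is the situation the exception text reports.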