IIS中的Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery错误

Question

我有以下问题。正在使用的ASP网站和托管在windows server 2012上的web api。该站点工作正常，但当我将其部署到生产环境时，我得到了以下错误：

20-04-24 08:55:56.365 +03:00 [Error] [Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery] [{ Id: 7, Name: "TokenDeserializeException" }] An exception was thrown while deserializing the token.
Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: The antiforgery token could not be decrypted.
 ---> System.Security.Cryptography.CryptographicException: The key {e790d979-a748-4094-8c5e-d3496ca4f915} was not found in the key ring.
   at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.UnprotectCore(Byte[] protectedData, Boolean allowOperationsOnRevokedKeys, UnprotectStatus& status)
   at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.DangerousUnprotect(Byte[] protectedData, Boolean ignoreRevocationErrors, Boolean& requiresMigration, Boolean& wasRevoked)
   at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.Unprotect(Byte[] protectedData)
   at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgeryTokenSerializer.Deserialize(String serializedToken)
   --- End of inner exception stack trace ---
   at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgeryTokenSerializer.Deserialize(String serializedToken)
   at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery.GetCookieTokenDoesNotThrow(HttpContext httpContext)

我使用相同的数据库和连接字符串相同的端点

Answer 1

有一个OP提到的错误消息与以下内容相结合：

System.Security.Cryptography.CryptographicException: The key {327bb8b3-8add-4eb2-9bc9-edf358f19a3a} was not found in the key ring.

ApplicationUserAccessor _context.HttpContext null.

warn: Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[59]

warn: Microsoft.AspNetCore.DataProtection.Repositories.EphemeralXmlRepository[50]

根据文档here定义到UNC文件夹的AddDataProtection解决了所有这些消息。

下面是我的代码示例：

    var pgrmData = Environment.GetFolderPath(Environment.SpecialFolder.CommonApplicationData);
    Directory.CreateDirectory($"{pgrmData}\\myaspnetwebapp\\keys");
    services.AddDataProtection()
        .PersistKeysToFileSystem(new DirectoryInfo($"{pgrmData}\\myaspnetwebapp\\keys"));

Answer 2

由于OP没有提供足够的细节，我想提供一个适合我的解决方案。在我的例子中，我有一个ASP.NET核心MVC视图，它发布到一个控制器操作。添加asp-antiforgery属性为我修复了这个问题。

<form asp-controller="Home" asp-action="Index" method="post" asp-antiforgery="false">
   ...
</form>

来自此link的逐字记录

elements.

• Similarly，

• 在HTMLCore2.0或更高版本中，FormTagHelper将防伪标记注入到ASP.NET表单中。如果表单的方法不是GET，则默认情况下IHtmlHelper.BeginForm会生成防伪标记。