AntiforgeryValidationException while trying to enter /SettingManagement #4603 | Support

rafael.gonzales created one year ago

ABP Framework version: v7.0.1
UI type: MVC
DB provider: EF Core
Tiered (MVC) or Identity Server Separated (Angular): no
Exception message and stack trace:

[11:34:29 INF] Route matched with {page = "/SettingManagement/Index", area = "", action = "", controller = ""}. Executing page /SettingManagement/Index [11:34:29 INF] Skipping the execution of current filter as its not the most effective filter implementing the policy Microsoft.AspNetCore.Mvc.ViewFeatures.IAntiforgeryPolicy [11:34:29 INF] Antiforgery token validation failed. The required antiforgery header value "RequestVerificationToken" is not present. Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: The required antiforgery header value "RequestVerificationToken" is not present. at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery.ValidateRequestAsync(HttpContext httpContext) at Microsoft.AspNetCore.Mvc.ViewFeatures.Filters.ValidateAntiforgeryTokenAuthorizationFilter.OnAuthorizationAsync(AuthorizationFilterContext context) [11:34:29 INF] Authorization failed for the request at filter 'Microsoft.AspNetCore.Mvc.ViewFeatures.Filters.AutoValidateAntiforgeryTokenAuthorizationFilter'.

Steps to reproduce the issue:"

I deployed a dev version of my ABP project but whenever I try to enter to /SettingManagement in IIS, I get that exception but if I try to open it up while debugging, It works.

How can I solve it?

3 Answer(s)

0

liangshiwei created one year ago
Support Team Fullstack Developer

Hi,

Can you use CLI to create a new project to reproduce it and share it with me? shiwei.liang@volosoft.com I will check it. thanks.

rafael.gonzales created one year ago

Hi liangshiwei,

I send you the email. I was able to reproduce the same issue in a clean new project getting the same exact exception in logs.

`2023-02-27 17:12:47.573 -05:00 [INF] Route matched with {page = "/SettingManagement/Index", area = "", action = "", controller = ""}. Executing page /SettingManagement/Index
2023-02-27 17:12:47.573 -05:00 [INF] Skipping the execution of current filter as its not the most effective filter implementing the policy Microsoft.AspNetCore.Mvc.ViewFeatures.IAntiforgeryPolicy
2023-02-27 17:12:47.581 -05:00 [INF] Antiforgery token validation failed. The antiforgery token could not be decrypted.
Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: The antiforgery token could not be decrypted.
 ---> System.Security.Cryptography.CryptographicException: The key {1daaca96-1e09-4694-8e2c-8bbc5a689861} was not found in the key ring. For more information go to http://aka.ms/dataprotectionwarning
   at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.UnprotectCore(Byte[] protectedData, Boolean allowOperationsOnRevokedKeys, UnprotectStatus& status)
   at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.Unprotect(Byte[] protectedData)
   at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgeryTokenSerializer.Deserialize(String serializedToken)
   --- End of inner exception stack trace ---
   at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgeryTokenSerializer.Deserialize(String serializedToken)
   at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery.DeserializeTokens(HttpContext httpContext, AntiforgeryTokenSet antiforgeryTokenSet, AntiforgeryToken& cookieToken, AntiforgeryToken& requestToken)
   at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery.ValidateTokens(HttpContext httpContext, AntiforgeryTokenSet antiforgeryTokenSet)
   at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery.ValidateRequestAsync(HttpContext httpContext)
   at Microsoft.AspNetCore.Mvc.ViewFeatures.Filters.ValidateAntiforgeryTokenAuthorizationFilter.OnAuthorizationAsync(AuthorizationFilterContext context)
2023-02-27 17:12:47.582 -05:00 [INF] Authorization failed for the request at filter 'Microsoft.AspNetCore.Mvc.ViewFeatures.Filters.AutoValidateAntiforgeryTokenAuthorizationFilter'.
2023-02-27 17:12:47.586 -05:00 [INF] Executing StatusCodeResult, setting HTTP status code 400
2023-02-27 17:12:47.586 -05:00 [INF] Executed page /SettingManagement/Index in 12.8423ms
2023-02-27 17:12:47.586 -05:00 [INF] Executed endpoint '/SettingManagement/Index'
2023-02-27 17:12:48.279 -05:00 [INF] Request finished HTTP/1.1 POST http://localhost:44359/SettingManagement?handler=RenderView&id=Volo.Abp.EmailSetting - 0 - 302 - - 711.1064ms
2023-02-27 17:12:48.284 -05:00 [INF] Request starting HTTP/1.1 GET http://localhost:44359/Error?httpStatusCode=400 - -
2023-02-27 17:12:48.292 -05:00 [INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared)'
2023-02-27 17:12:48.299 -05:00 [INF] Route matched with {action = "Index", controller = "Error", area = "", page = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[Microsoft.AspNetCore.Mvc.IActionResult] Index(Int32) on controller Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared).`

0
liangshiwei created one year ago
Support Team Fullstack Developer
Because you are using HTTP, the XSRF-TOKEN cookie required HTTPS.

If you want to use HTTP, you can try:

Configure<AbpAntiForgeryOptions>(options => { options.TokenCookie.SecurePolicy = CookieSecurePolicy.None; });

Have an answer to this question? Log in and write your answer.