Open Closed

AntiforgeryValidationException while trying to enter /SettingManagement #4603


User avatar
1
rafael.gonzales created
  • ABP Framework version: v7.0.1
  • UI type: MVC
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): no
  • Exception message and stack trace:

[11:34:29 INF] Route matched with {page = "/SettingManagement/Index", area = "", action = "", controller = ""}. Executing page /SettingManagement/Index [11:34:29 INF] Skipping the execution of current filter as its not the most effective filter implementing the policy Microsoft.AspNetCore.Mvc.ViewFeatures.IAntiforgeryPolicy [11:34:29 INF] Antiforgery token validation failed. The required antiforgery header value "RequestVerificationToken" is not present. Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: The required antiforgery header value "RequestVerificationToken" is not present. at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery.ValidateRequestAsync(HttpContext httpContext) at Microsoft.AspNetCore.Mvc.ViewFeatures.Filters.ValidateAntiforgeryTokenAuthorizationFilter.OnAuthorizationAsync(AuthorizationFilterContext context) [11:34:29 INF] Authorization failed for the request at filter 'Microsoft.AspNetCore.Mvc.ViewFeatures.Filters.AutoValidateAntiforgeryTokenAuthorizationFilter'.

  • Steps to reproduce the issue:"

I deployed a dev version of my ABP project but whenever I try to enter to /SettingManagement in IIS, I get that exception but if I try to open it up while debugging, It works.

How can I solve it?


3 Answer(s)
  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    Can you use CLI to create a new project to reproduce it and share it with me? shiwei.liang@volosoft.com I will check it. thanks.

  • User Avatar
    0
    rafael.gonzales created

    Hi liangshiwei,

    I send you the email. I was able to reproduce the same issue in a clean new project getting the same exact exception in logs.

    `2023-02-27 17:12:47.573 -05:00 [INF] Route matched with {page = "/SettingManagement/Index", area = "", action = "", controller = ""}. Executing page /SettingManagement/Index
    2023-02-27 17:12:47.573 -05:00 [INF] Skipping the execution of current filter as its not the most effective filter implementing the policy Microsoft.AspNetCore.Mvc.ViewFeatures.IAntiforgeryPolicy
    2023-02-27 17:12:47.581 -05:00 [INF] Antiforgery token validation failed. The antiforgery token could not be decrypted.
    Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: The antiforgery token could not be decrypted.
     ---> System.Security.Cryptography.CryptographicException: The key {1daaca96-1e09-4694-8e2c-8bbc5a689861} was not found in the key ring. For more information go to http://aka.ms/dataprotectionwarning
       at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.UnprotectCore(Byte[] protectedData, Boolean allowOperationsOnRevokedKeys, UnprotectStatus& status)
       at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.Unprotect(Byte[] protectedData)
       at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgeryTokenSerializer.Deserialize(String serializedToken)
       --- End of inner exception stack trace ---
       at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgeryTokenSerializer.Deserialize(String serializedToken)
       at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery.DeserializeTokens(HttpContext httpContext, AntiforgeryTokenSet antiforgeryTokenSet, AntiforgeryToken& cookieToken, AntiforgeryToken& requestToken)
       at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery.ValidateTokens(HttpContext httpContext, AntiforgeryTokenSet antiforgeryTokenSet)
       at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery.ValidateRequestAsync(HttpContext httpContext)
       at Microsoft.AspNetCore.Mvc.ViewFeatures.Filters.ValidateAntiforgeryTokenAuthorizationFilter.OnAuthorizationAsync(AuthorizationFilterContext context)
    2023-02-27 17:12:47.582 -05:00 [INF] Authorization failed for the request at filter 'Microsoft.AspNetCore.Mvc.ViewFeatures.Filters.AutoValidateAntiforgeryTokenAuthorizationFilter'.
    2023-02-27 17:12:47.586 -05:00 [INF] Executing StatusCodeResult, setting HTTP status code 400
    2023-02-27 17:12:47.586 -05:00 [INF] Executed page /SettingManagement/Index in 12.8423ms
    2023-02-27 17:12:47.586 -05:00 [INF] Executed endpoint '/SettingManagement/Index'
    2023-02-27 17:12:48.279 -05:00 [INF] Request finished HTTP/1.1 POST http://localhost:44359/SettingManagement?handler=RenderView&id=Volo.Abp.EmailSetting - 0 - 302 - - 711.1064ms
    2023-02-27 17:12:48.284 -05:00 [INF] Request starting HTTP/1.1 GET http://localhost:44359/Error?httpStatusCode=400 - -
    2023-02-27 17:12:48.292 -05:00 [INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared)'
    2023-02-27 17:12:48.299 -05:00 [INF] Route matched with {action = "Index", controller = "Error", area = "", page = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[Microsoft.AspNetCore.Mvc.IActionResult] Index(Int32) on controller Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared).`
    
  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Because you are using HTTP, the XSRF-TOKEN cookie required HTTPS.

    If you want to use HTTP, you can try:

    Configure<AbpAntiForgeryOptions>(options =>
    {
        options.TokenCookie.SecurePolicy = CookieSecurePolicy.None;
    });
    
Made with ❤️ on ABP v9.1.0-preview. Updated on December 05, 2024, 12:19