I am working on an ASP.NET MVC application on my local machine using the Visual Studio 2012 built-in IIS Express. After significant progress I decided to make it available across the local network, and I created a virtual directory from Visual Studio. I can log in, but when I try to register a new user I get the error below.
The anti-forgery token could not be decrypted. If this application is hosted by a Web Farm or cluster, ensure that all machines are running the same version of ASP.NET Web Pages and that the configuration specifies explicit encryption and validation keys. AutoGenerate cannot be used in a cluster.
I generated a new machine key from (ASPNET resources) and placed it in my configuration file, but it is still not working. Can someone suggest a solution?
AntiForgeryToken(): Generates a hidden form field (anti-forgery token) that is validated when the form is submitted.
To help prevent CSRF attacks, ASP.NET MVC uses anti-forgery tokens, also called request verification tokens. The client requests an HTML page that contains a form. The server includes two tokens in the response. One token is sent as a cookie. The other is placed in a hidden form field.
Basically, when you request a page, the server includes a hidden field with an encrypted value. And when you submit the form, the website looks at the cookie to make sure you're authenticated, but it also looks at the encrypted value that the browser sends and makes sure it's valid.
One thing I noticed is that this error could be caused by having multiple @Html.AntiForgeryToken() pieces of code on the page. I had 2 on my page and once I removed the second one, this error went away.
You should be adding a machine key that is unique to the website/machine combination. It is this machine key that the token generator uses. This means that you should generate a machine key (which you can do here (dead link, beware)) and add it to your Web.config file on your machine. You can find more information here: http://msdn.microsoft.com/en-us/library/ff649308.aspx
You can also do this directly from within IIS: http://blogs.msdn.com/b/amb/archive/2012/07/31/easiest-way-to-generate-machinekey.aspx
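As an added example (not taken from the answers above), the keys can be generated locally instead of through a web page, and a Web.config can be checked for the AutoGenerate setting the error message names. The function names are hypothetical, the HMACSHA256/AES choice and the 64-byte and 32-byte key lengths are assumptions, and the sample configuration is constructed.

```powershell
# Added example: build an explicit <machineKey> element and check a config for AutoGenerate.

function New-HexKey {
    # Returns $ByteCount cryptographically random bytes as an uppercase hex string.
    param([Parameter(Mandatory)][int]$ByteCount)
    $bytes = New-Object byte[] $ByteCount
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($bytes) } finally { $rng.Dispose() }
    return -join ($bytes | ForEach-Object { $_.ToString('X2') })
}

function New-MachineKeyElement {
    # Assumed algorithm choice: AES with a 32-byte key, HMACSHA256 with a 64-byte key.
    $decryptionKey = New-HexKey -ByteCount 32
    $validationKey = New-HexKey -ByteCount 64
    return ('<machineKey validation="HMACSHA256" decryption="AES" ' +
            'validationKey="{0}" decryptionKey="{1}" />') -f $validationKey, $decryptionKey
}

function Test-ExplicitMachineKey {
    # Reports whether /configuration/system.web/machineKey carries explicit keys.
    param([Parameter(Mandatory)][xml]$Config)
    $node = $Config.SelectSingleNode('/configuration/system.web/machineKey')
    if ($null -eq $node) { return 'missing: keys are auto-generated' }
    foreach ($attr in 'validationKey', 'decryptionKey') {
        $value = $node.GetAttribute($attr)
        if ([string]::IsNullOrEmpty($value) -or $value -match 'AutoGenerate') {
            return "not explicit: $attr"
        }
    }
    return 'explicit'
}

# Constructed sample: a config that still relies on auto-generated keys.
$sample = [xml]@'
<configuration>
  <system.web>
    <machineKey validationKey="AutoGenerate,IsolateApps" decryptionKey="AutoGenerate,IsolateApps" />
  </system.web>
</configuration>
'@

Test-ExplicitMachineKey -Config $sample
New-MachineKeyElement
```

The generated element goes inside `<system.web>` in Web.config, with the same values on every machine that serves the site. The keys are secrets and should be kept out of source control.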