Microsoft.AspNetCore.Antiforgery was not found

Question

I'm deploying a asp.net core 2.0 website to IIS 10.

I've made sure that my app is using the correct configuration for ISS in the program.settings file.

public class Program
{
    public static void Main(string[] args)
    {
        BuildWebHost(args).Run();
    }

    public static IWebHost BuildWebHost(string[] args) =>
        WebHost.CreateDefaultBuilder(args)
            .UseKestrel()
            .UseContentRoot(Directory.GetCurrentDirectory())
            .UseIISIntegration()
            .UseStartup<Startup>()
            .Build();
}

And in my startup.cs file:

    public void ConfigureServices(IServiceCollection services)
    {
        services.Configure<IISOptions>(options =>
        {
        });
        services.AddMvc();
    }

Yet when I run dotnet website.dll from the command line I get the below error message shown in the command line window:

An assembly specified in the application dependencies manifest (website.deps.json) was not found: package: 'Microsoft.AspNetCore.Antiforgery', version: '2.0.1' path: 'lib/netstandard2.0/Microsoft.AspNetCore.Antiforgery.dll' This assembly was expected to be in the local runtime store as the application was published using the following target manifest files: aspnetcore-store-2.0.3.xml

Based off the error message, i'm guessing Microsoft.AspNetCore.Antiforgery isn't being bundled when I publish since I do not receive this error when debugging.

How can I ensure that my app can find Microsoft.AspNetCore.Antiforgery when published to a live environment?

EDIT: This is a basic .net core website. No changes have been made to the standard project at this time apart from the above changes for deployment with IIS.

When I run the project from IIS instead of the command line I get a 502.5 error message.

Answer 1

I was able to fix this issue by updating the .net core runtime on the server to v2.0.3.

This issue occurs if

1. You have an existing server running v2.0.0 of the .net core runtime.
2. You create an app targeting v2.0.3 of the SDK
3. You publish the v2.0.3 app to a server running v2.0.0

The issue can be resolved by installing v2.0.3 of the runtime on the server. You can download the runtime from the microsoft site here https://www.microsoft.com/net/download/windows

Answer 2

If you are actually using this library, make sure that your *.csproj file has the corresponding explicit reference:

<PackageReference Include="Microsoft.AspNetCore.Antiforgery" Version="..." />

Then, play with the PublishWithAspNetCoreTargetManifest property to resolve the aforementioned issue with a mismatched manifest. Check out the following threads to learn more about possible issues while its deployment:

An assembly specified in the application dependencies manifest (RhWeb.deps.json) was not found

published application is missing assembly (missing runtime store associated ...) [2.0.0-preview2-005905]

HTTP Error 502.5 - Microsoft.AspNetCore.Antiforgery.dll

Answer 3

I had this issue - simple workaround, actually install the NuGet package (I wasn't using it).

Microsoft.AspNetCore.Antiforgery

Published, deployed - fixed the issue.

In another case, when I published the project, a lot of the dlls weren't being placed in the publish folder - including Antiforgery. The below appears to force publishing to add all the required dlls.

Edit your projectname.json file to ensure PropertyGroup contains PublishWithAspNetCoreTargetManifest = false:

<PropertyGroup>
    <TargetFramework>netcoreapp2.0</TargetFramework>
    <PublishWithAspNetCoreTargetManifest>false</PublishWithAspNetCoreTargetManifest>
</PropertyGroup>

Interested to know why the above works?!