 

The anti-forgery token could not be decrypted

I have a form:

@using (Html.BeginForm(new { ReturnUrl = ViewBag.ReturnUrl }))
{
    @Html.AntiForgeryToken()
    @Html.ValidationSummary()
    ...

and action:

[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public ActionResult Login(LoginModel model, string returnUrl, string City)
{
}

Occasionally (once a week), I get the error:

The anti-forgery token could not be decrypted. If this application is hosted by a Web Farm or cluster, ensure that all machines are running the same version of ASP.NET Web Pages and that the configuration specifies explicit encryption and validation keys. AutoGenerate cannot be used in a cluster.

I tried adding this to web.config:

<machineKey validationKey="AutoGenerate,IsolateApps" decryptionKey="AutoGenerate,IsolateApps" />

But the error still appears occasionally.

I noticed this error occurs, for example, when a person comes from one computer and then tries another computer.

Or sometimes an auto value is set with an incorrect data type, like bool to integer, on the form field by any jQuery code; please also check that.

user3331122 asked May 01 '14 04:05



1 Answer

I just received this error as well and, in my case, it was caused by the anti-forgery token being applied twice in the same form. The second instance was coming from a partial view so wasn't immediately obvious.

Steve Dowling answered Oct 04 '22 10:10
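
A check for the duplicate-token case described in the answer above, as an added example that is not part of the original post: it scans rendered HTML and reports every form containing more than one `__RequestVerificationToken` hidden input, the field that `@Html.AntiForgeryToken()` emits. The sample page, its form actions and its token values are constructed for illustration.

```python
from html.parser import HTMLParser

# Name of the hidden input emitted by @Html.AntiForgeryToken() in ASP.NET MVC.
TOKEN_FIELD = "__RequestVerificationToken"

class TokenCounter(HTMLParser):
    """Counts anti-forgery hidden inputs inside each <form> of a rendered page."""

    def __init__(self):
        super().__init__()
        self.forms = []       # one dict per form: {"action": str, "tokens": int}
        self._current = None  # form being parsed, or None when outside any form

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self._current = {"action": attrs.get("action") or "", "tokens": 0}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            if attrs.get("name") == TOKEN_FIELD:
                self._current["tokens"] += 1

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None

def forms_with_duplicate_tokens(html):
    """Return the action of every form that carries more than one token field."""
    parser = TokenCounter()
    parser.feed(html)
    parser.close()
    return [f["action"] for f in parser.forms if f["tokens"] > 1]

# Constructed sample: a login form whose partial view renders a second token,
# next to a search form that has exactly one.
SAMPLE_PAGE = """
<form action="/Account/Login" method="post">
  <input name="__RequestVerificationToken" type="hidden" value="constructed-token-a" />
  <div class="partial">
    <input name="__RequestVerificationToken" type="hidden" value="constructed-token-b" />
  </div>
</form>
<form action="/Search" method="post">
  <input name="__RequestVerificationToken" type="hidden" value="constructed-token-c" />
</form>
"""

print(forms_with_duplicate_tokens(SAMPLE_PAGE))
```

Run it against the HTML actually served to the browser (for example, a saved page source), since a token added by a partial view only shows up after the view is rendered.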