0

I am running IIS 8.5 on a load-balanced (two-node) web farm. We are getting sporadic errors: 

System.Web.Mvc.HttpAntiForgeryException (0x80004005): The anti-forgery
token could not be decrypted....

I have tried/checked various solutions:

  • At the server-wide level, I created explicit validation and decryption keys as described here, and have synchronized them across both nodes. One thing to note is that for now, I left "Generate a unique key for each application" unchecked.
  • The token is only generated once per page to avoid the problem described here.

But the errors persist.

What can I do next to troubleshoot?

EDIT:

Controller code:

[HttpGet]
public ActionResult Index()
{
    var model = new LoginModel();
    return View(model);
}

Relevant view code:

@using (Html.BeginForm())
{
    @Html.AntiForgeryToken()
    @Html.ValidationSummary(true)

    <h1>Log In</h1>
    <fieldset>
        <label>Email</label>
        @Html.TextBoxFor(model => model.Username)                        
        <label>Password</label>
        @Html.PasswordFor(model => model.Password)
        <input type="submit" />
    </fieldset>
}
Community
  • 1
  • 1
anon
  • 4,578
  • 3
  • 35
  • 54
  • Can you show us the code? Specifically, the view and controller method. Also, have you synced the machine keys in all the .NET frameworks (64 and 32-bit) on both machines? – Jeremy Holovacs Jul 15 '16 at 18:43
  • It'll take me a while to anonymize the code. Regarding the machine key, my understanding is that the machine key consists of a validation key and decryption key, which I synchronized via the IIS GUI as outlined in the first link. Is that an incorrect understanding? – anon Jul 15 '16 at 19:00
  • I believe that's correct... but the trick is, there's multiple machine.configs, one for each version of .NET Framework installed on the server, and for each platform (64/32 bit). If you missed one, and that's the one that a server is using for that request, you'll encounter these kinds of problems. – Jeremy Holovacs Jul 15 '16 at 20:05

1 Answers1

0

I had same exact issue many people gave suggestions of changing machine key or it might happen if you have included anti forgery taken more than once in form. My issues didn't happen for any of the reason, it happened for one simple stupid reason and it's improper div placement. I mean if you close a div inside the MVC form that is opened outside, then you will likely to get this issue.

Suhas Mallesh
  • 1
  • 2