0

I have setup an identity system with Identity server and wanted to share the instance for tokens between 3 applications, so i have setup the process according to this,

https://learn.microsoft.com/en-us/aspnet/core/security/data-protection/implementation/key-storage-providers?view=aspnetcore-2.2&tabs=visual-studio#entity-framework-core

        services.AddDbContext<DataProtectionDbContext>(options => 
            options.UseSqlServer(Configuration.GetConnectionString(nameof(DataProtectionDbContext))));

        var certificateThumb = Configuration["CertificateConfiguration:Validation:CertificateThumbprint"];
        services.AddDataProtection()
            .PersistKeysToDbContext<DataProtectionDbContext>()
            .ProtectKeysWithCertificate(certificateThumb);

though when i add the DataProtection to the application, the anti forgery token cannot be found, iam assuming that the antiforgery tokens isn't automatically created in the data protection context.

Does anyone know why adding this causes the application to crash on the AntiForgerytoken validation?

IdentityServer Question: is the IdentityServerBuilder.AddValidationKey does that certificate concern the token validation

Waqar Ali
  • 163
  • 13
Martea
  • 507
  • 1
  • 5
  • 18
  • [this](https://stackoverflow.com/questions/2206595/how-do-i-solve-an-antiforgerytoken-exception-that-occurs-after-an-iisreset-in-my) might help – Syafiqur__ Jul 19 '19 at 07:49
  • 1
    @Syafiqur__ as i understand machinekey isnt a part of the new DataProtection system. – Martea Jul 19 '19 at 07:59
  • 1
    Did you set a global filter? `services.AddMvc(o => o.Filters.Add(typeof(AutoValidateAntiforgeryTokenAttribute)));` –  Jul 19 '19 at 08:31
  • No i havent ill try that =) – Martea Jul 19 '19 at 08:45
  • Had to add the applicationname, to the dataprotector then everything works, i think the AutoValidateAntiForgeryToken, helped resolved the antiforgerytoken issue – Martea Jul 19 '19 at 10:23

0 Answers0