0

When I try to login to my web site it gives HTTP ERROR 500 error which is "An exception was thrown while deserializing the token.". My application uses identity db context..

Error:

An exception was thrown while deserializing the token.

Exception: Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: The antiforgery token could not be decrypted. ---> System.Security.Cryptography.CryptographicException: The key {37d006d2-8207-4740-9e6e-5804d8840ea6} was not found in the key ring. at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.UnprotectCore(Byte[] protectedData, Boolean allowOperationsOnRevokedKeys, UnprotectStatus& status) at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.DangerousUnprotect(Byte[] protectedData, Boolean ignoreRevocationErrors, Boolean& requiresMigration, Boolean& wasRevoked) at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.Unprotect(Byte[] protectedData) at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgeryTokenSerializer.Deserialize(String serializedToken) --- End of inner exception stack trace --- at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgeryTokenSerializer.Deserialize(String serializedToken) at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery.GetCookieTokenDoesNotThrow(HttpContext httpContext)

My IdentityDbContext class:

public class ApplicationContext : IdentityDbContext<ApplicationUser>
{
    public ApplicationContext(DbContextOptions<ApplicationContext> options) : base(options)
    {

    }
    public DbSet<Expenses> Expenses { get; set; }
    public DbSet<Revenues> Revenues { get; set; }
}

Startup:

services.AddIdentity<ApplicationUser, IdentityRole>(opt =>
        {
            opt.Password.RequiredLength = 1;
            opt.Password.RequireNonAlphanumeric = false;
            opt.Password.RequireLowercase = false;
            opt.Password.RequireUppercase = false;
            opt.Password.RequireDigit = false;

        })
         .AddEntityFrameworkStores<ApplicationContext>();
        services.AddAuthentication();

It works in my local machine, after deploying it to hosting, I cannot access the web site after successful login.. How can I solve this problem?

Alish Safarli
  • 21
  • 6
  • Hello. Did you check this one : https://stackoverflow.com/questions/23402210/the-anti-forgery-token-could-not-be-decrypted ? – AntiqTech Feb 05 '21 at 19:19
  • @AntiqTech yeah.. Why it works in local machine using both remote sql and local sql server and not working after deployment? I am new to web deployment.. I have been just trying to solve this problem in a days, no clue – Alish Safarli Feb 05 '21 at 20:09
  • @Are you able to see your login page loaded or do you directly get this 500 error ? since it's specific to deployment environment, check any links/url you need to access in the back ground if there are any. – AntiqTech Feb 05 '21 at 22:02
  • @AntiqTech when you enter the [site](https://wallet.alishsafarli.com/), you see the loaded page. When I type incorrect user details it says its incorrect username.. when I type correct one it redirects me to 500 error. I think there is no problem with the con string to db.. as it says it is incorrect user details. – Alish Safarli Feb 05 '21 at 22:17
  • @AntiqTech and there is no problem in local machine.. I can run it without problem in my local visual studio. I have turned on failed request tracing.. but I dunno what it say as I am new to web deployment :) – Alish Safarli Feb 05 '21 at 22:20
  • @AntiqTech the error above is given to me from hosting providers. They say that say see that error. – Alish Safarli Feb 05 '21 at 22:22
  • Check the point where you successfully determine that user/pass is valid in the backend. Maybe there is a problem with redirecting. Where do you redirect to, after successful lıogin? check the page's code. If it has "@Html.AntiForgeryToken()" like the example from that link I gave in the first post . – AntiqTech Feb 05 '21 at 22:31
  • When I redirect to a controller/action , must it be decorated with antiforgery token ? – Alish Safarli Feb 05 '21 at 22:35
  • I only wrote that because of your exception "AntiforgeryValidationException". I don't know if you need to add that or not. Does that controller/action have a view ? – AntiqTech Feb 05 '21 at 22:40
  • Yeah it does.. Do you have time to check out it with team viewer? – Alish Safarli Feb 05 '21 at 22:41
  • Add the code of that view to the end of your question. I'll see if I can spot anything out of ordinary. – AntiqTech Feb 05 '21 at 22:58
  • Do you want a youtube video of it to see full details? so I can make a video of that.. I dont think it is about view.. – Alish Safarli Feb 05 '21 at 23:00
  • Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/228328/discussion-between-antiqtech-and-alish-safarli). – AntiqTech Feb 05 '21 at 23:23

0 Answers0