The antiforgery token could not be decrypted in ASP.NET Core
I have created a contact form in ASP.NET Core 3.1. I submit the form using AJAX, but after submitting I get an error: Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: The antiforgery token could not be decrypted.
This is my HTML form:
@using (Html.BeginForm("About", "StaticPage", FormMethod.Post, new { @id = "form-help" }))
{
    @Html.AntiForgeryToken()
    @Html.ValidationSummary(true)
    <ul class="form">
        <li><h3 class="title">Contact Form</h3></li>
        <li>
            @Html.TextBoxFor(m => m.FullName, new { @class = "input-text", @placeholder = "Fullname *" })
            <span class="text-erro">@Html.ValidationMessageFor(m => m.FullName)</span>
        </li>
        <li>
            @Html.TextBoxFor(m => m.Mobile, new { @class = "input-text", @placeholder = "Mobile *" })
            <span class="text-erro">@Html.ValidationMessageFor(m => m.Mobile)</span>
        </li>
        <li>
            @Html.TextBoxFor(m => m.Message, new { @class = "input-text", @placeholder = "Message *" })
            <span class="text-erro">@Html.ValidationMessageFor(m => m.Message)</span>
        </li>
        <li>
            <span class="msg-tbl display-b mg_0 lh-40 text-align-l" id="lblMessage"></span>
            <button type="button" id="btnSubmit" onclick="AboutUs.SubmitAbout();">Submit</button>
            <button type="reset" id="btnReset"></button>
        </li>
    </ul>
}
And this is my action in the controller:
[HttpPost]
[ValidateAntiForgeryToken]
public async Task<MessageResponse> About(ContactUsInfoModel model)
{
    MessageResponse message = new MessageResponse();
    model.Email = string.Empty;
    model.Address = string.Empty;
    message = await _contactServices.RegisterAsync(model);
    return message;
}
And this is the error message detail:
Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: The antiforgery token could not be decrypted.
---> System.Security.Cryptography.CryptographicException: The key {d69c0ce1-8adb-49f9-b0c5-c064719ce3d6} was not found in the key ring.
at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.UnprotectCore(Byte[] protectedData, Boolean allowOperationsOnRevokedKeys, UnprotectStatus& status)
at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.DangerousUnprotect(Byte[] protectedData, Boolean ignoreRevocationErrors, Boolean& requiresMigration, Boolean& wasRevoked)
at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.Unprotect(Byte[] protectedData)
at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgeryTokenSerializer.Deserialize(String serializedToken)
--- End of inner exception stack trace ---
at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgeryTokenSerializer.Deserialize(String serializedToken)
at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery.GetCookieTokenDoesNotThrow(HttpContext httpContext)
System.Security.Cryptography.CryptographicException: The key {d69c0ce1-8adb-49f9-b0c5-c064719ce3d6} was not found in the key ring.
at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.UnprotectCore(Byte[] protectedData, Boolean allowOperationsOnRevokedKeys, UnprotectStatus& status)
at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.DangerousUnprotect(Byte[] protectedData, Boolean ignoreRevocationErrors, Boolean& requiresMigration, Boolean& wasRevoked)
at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.Unprotect(Byte[] protectedData)
at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgeryTokenSerializer.Deserialize(String serializedToken)
Thanks for any suggestion!!
Huyền Trần thị Feb 26 2021
I also got the same error. I do not use Html.BeginForm() to submit the form; I use the <form> tag in ASP.NET Core 3.1 as below, and it works for me:
<form asp-action="About" asp-controller="StaticPage" method="post" asp-antiforgery="false" id="form-help">
I hope it's helpful for you.
cao vũ Feb 26 2021
I don't know why and I'm also not sure, but in my case it was caused by the anti-forgery token being applied twice in the same form. The second instance was coming from a partial view, so it wasn't immediately obvious.
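The inner exception in the question ("The key {…} was not found in the key ring") means the antiforgery cookie was protected with a Data Protection key that the running process no longer has, which typically happens when keys are kept only in memory or in a per-instance location and the app restarts or runs on several instances. The following is an added example, not code from the original post: a Startup that persists and shares the key ring and logs the key ids at startup so they can be compared with the id in the exception. The application name and key directory are assumed placeholders.

```csharp
using System.IO;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.DataProtection.KeyManagement;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        // Assumed path: any durable location that every instance of the app
        // can read, with access restricted to the app's service account.
        var keyDirectory = new DirectoryInfo("/var/lib/contact-site/dp-keys");

        services.AddDataProtection()
            // Assumed name: must be identical on every instance so they
            // all derive the same protector for antiforgery tokens.
            .SetApplicationName("contact-site")
            // Keys survive restarts and redeployments instead of being
            // regenerated, which is what orphans already-issued cookies.
            .PersistKeysToFileSystem(keyDirectory);
        // Files written this way are not encrypted at rest unless one of
        // the ProtectKeysWith* methods is also configured.

        services.AddControllersWithViews();
    }

    public void Configure(IApplicationBuilder app,
                          IKeyManager keyManager,
                          ILogger<Startup> logger)
    {
        // Diagnostic: list the key ring this process actually loaded.
        // If the key id from the exception is missing here, the token was
        // issued under a key ring this instance does not share.
        foreach (IKey key in keyManager.GetAllKeys())
        {
            logger.LogInformation(
                "Data Protection key {KeyId} created {Created:u} expires {Expires:u} revoked={Revoked}",
                key.KeyId, key.CreationDate, key.ExpirationDate, key.IsRevoked);
        }

        app.UseRouting();
        app.UseEndpoints(endpoints => endpoints.MapDefaultControllerRoute());
    }
}
```

Tokens already issued under a lost key cannot be recovered; the browser needs a fresh page load to receive a new cookie and form token protected with a key that is in the ring.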