The antiforgery token could not be decrypted in Asp.net Core

Dung Do Tien Feb 26 2021 432

I have created a form contact in Asp.net core 3.1. I submit that form by using AJAX but after submit I got an error: Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: The antiforgery token could not be decrypted.

This is my HTML form:

@using (Html.BeginForm("About", "StaticPage", FormMethod.Post, new { @id = "form-help" }))
{
    @Html.AntiForgeryToken()
    @Html.ValidationSummary(true)
    <ul class="form">
        <li><h3 class="title">Contact Form</h3></li>
        <li>
            @Html.TextBoxFor(m => m.FullName, new { @class = "input-text", @placeholder = "Fullname *" })
            <span class="text-erro">@Html.ValidationMessageFor(m => m.FullName)</span>
        </li>
        <li>
            @Html.TextBoxFor(m => m.Mobile, new { @class = "input-text", @placeholder = "Mobile *" })
            <span class="text-erro">@Html.ValidationMessageFor(m => m.Mobile)</span>
        </li>
        <li>
            @Html.TextBoxFor(m => m.Message, new { @class = "input-text", @placeholder = "Message *" })
            <span class="text-erro">@Html.ValidationMessageFor(m => m.Message)</span>
        </li>
        <li>
            <span class="msg-tbl display-b mg_0 lh-40 text-align-l" id="lblMessage"></span>
            <button type="button" id="btnSubmit" onclick="AboutUs.SubmitAbout();">Submit</button>
            <button type="reset" id="btnReset"></button>
        </li>
    </ul>
}

And this is my action in the controller:

[HttpPost]
[ValidateAntiForgeryToken]
public async Task<MessageResponse> About(ContactUsInfoModel model)
{
    MessageResponse message = new MessageResponse();
    model.Email = string.Empty;
    model.Address = string.Empty;
    message = await _contactServices.RegisterAsync(model);

    return message;
}

And this message error detail:

Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: The antiforgery token could not be decrypted.
 ---> System.Security.Cryptography.CryptographicException: The key {d69c0ce1-8adb-49f9-b0c5-c064719ce3d6} was not found in the key ring.
   at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.UnprotectCore(Byte[] protectedData, Boolean allowOperationsOnRevokedKeys, UnprotectStatus& status)
   at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.DangerousUnprotect(Byte[] protectedData, Boolean ignoreRevocationErrors, Boolean& requiresMigration, Boolean& wasRevoked)
   at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.Unprotect(Byte[] protectedData)
   at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgeryTokenSerializer.Deserialize(String serializedToken)
   --- End of inner exception stack trace ---
   at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgeryTokenSerializer.Deserialize(String serializedToken)
   at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery.GetCookieTokenDoesNotThrow(HttpContext httpContext)
System.Security.Cryptography.CryptographicException: The key {d69c0ce1-8adb-49f9-b0c5-c064719ce3d6} was not found in the key ring.
   at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.UnprotectCore(Byte[] protectedData, Boolean allowOperationsOnRevokedKeys, UnprotectStatus& status)
   at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.DangerousUnprotect(Byte[] protectedData, Boolean ignoreRevocationErrors, Boolean& requiresMigration, Boolean& wasRevoked)
   at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.Unprotect(Byte[] protectedData)
   at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgeryTokenSerializer.Deserialize(String serializedToken)

Thanks for any suggestion!!

Have 2 answer(s) found.
  • H

    Huyền Trần thị Feb 26 2021

    I also got the same error. I do not use Html.BeginForm() to submit the form, I use <form> tag in asp.net core 3.1 as below and it works for me:

    <form asp-action="About" asp-controller="StaticPage" method="post" asp-antiforgery="false" id="form-help">

    I hope it's helpful for you.

  • c

    cao vũ Feb 26 2021

    I don't know why and also not sure but in my case, it was caused by the anti-forgery token being applied twice in the same form. The second instance was coming from a partial view so wasn't immediately obvious.

Leave An Answer
* NOTE: You need Login before leave an answer

* Type maximum 2000 characters.

* All comments have to wait approved before display.

* Please polite comment and respect questions and answers of others.

Popular Tips

X Close