deploying AntiforgeryToken Error

Asked 3/4, 2013 at 13:37 Answered 15/4, 2016 at 16:52

I am working on an ASP.NET MVC application on my local machine using the Visual Studio 2012 built in IISExpress. After a significant progress I decided to make it available across the Local network, I created a virtual directory from visual studio. I can log in but when I try to register a new user. I get the error below.

The anti-forgery token could not be decrypted. If this application is hosted by a Web Farm or cluster, ensure that all machines are running the same version of ASP.NET Web Pages and that the configuration specifies explicit encryption and validation keys. AutoGenerate cannot be used in a cluster.

I generated a new machine key from (ASPNET resources) and placed it in my configuration file but is not still working.Can someone suggest a solution?

Clepsydra answered 3/4, 2013 at 13:37 Comment(4)

Please, stop referring to "ASP.NET MVC" simply as "MVC". One is a framework, while other is a language-independent design pattern. It's like calling IE - "the internet" – Bellini 3/4, 2013 at 13:50

While I'll agree that when searching the internet using "MVC" rather than "ASP.NET MVC" might cause you to spend alot of extra time getting to a solution.. but in this case one could just look at the SO Tag that was chosen for this question to understand what the OP was talking about. – Fite 9/8, 2013 at 4:12

It wouldn't hurt to see the asp.net mvc version number as well – Mencius 11/8, 2016 at 21:19

I had this issue in IE11, intermittently. I had two forms, each with its own token. I found that two cookies with the name __RequestVerificationToken were sent, with different values. Once I removed the cookies (all for the domain), the issues disappeared. I do not know why the cookies are there in the first place, and how they correspond to the form fields. – Midas 4/6, 2018 at 15:32

One thing I noticed is that this error could be caused by having multiple @Html.AntiForgeryToken() pieces of code on the page. I had 2 on my page and once I removed the second one, this error went away.

Tamar answered 26/6, 2013 at 13:17 Comment(5)

I can confirm this happened to me also. – Sorghum 23/8, 2013 at 19:6

Me too. For me, the 2nd copy of the @Html.AntiForgeryToken() line was appearing via a partial view. I commented it out in the partial view and my login pages started working again. – Baldachin 5/9, 2013 at 7:13

I had this happen in IE9, where i had accidentally nested a FORM tag. Newer browsers were fine, but older ones were sending multiple tokens. (I had set jquery dialog to appendTo : #Main>form ) – Decompress 22/10, 2013 at 13:54

I have the same problem. I have indeed two @html.antiforgerytoken, but when I remove on of them (the one in partial view), the error still persist. What is more, even when I am running in localhost, it still gives me error. can you help me? – Salespeople 6/7, 2014 at 11:8

Yup, same here. I had one generated token in parent view, and one in the partial where the actual form elements where located. Thanks Louis for the hint! – Sizing 30/5, 2018 at 18:5

You should be adding a machine key that is unique to the website/machine combination. It is this machine key that the token generator uses. This means that you should generate a machine key (which you can do here (dead link-beware) and add it to your Web.config file on your machine. You can find more information here: http://msdn.microsoft.com/en-us/library/ff649308.aspx

You can also do this directly from within IIS: http://blogs.msdn.com/b/amb/archive/2012/07/31/easiest-way-to-generate-machinekey.aspx

Chlorate answered 3/4, 2013 at 14:17 Comment(2)

Read my post, I already tried this earlier. I notice that I do not have Machine Key Icon in my IIS Manager panel. Can that be the problem? – Clepsydra 3/4, 2013 at 15:42

Yes, that could certainly be the problem. Perhaps you have placed the machineKey entry in the wrong place in your Web.config file. Could you post your Web.config so that we can see how and where you added it? – Chlorate 4/4, 2013 at 6:43

There I was able to find the answer http://iamdotnetcrazy.blogspot.ru/2013/08/how-to-solve-anti-forgery-token-could.html

Destrier answered 14/2, 2014 at 15:5 Comment(0)

In my case this was an issue with the load balancer not having session persistance turned on for the site.

Leuco answered 5/3, 2014 at 10:46 Comment(0)

I was having a page which was using the partial view. Both contained @Html.AntiForgeryToken() and on removing the @Html.AntiForgeryToken() from the partial page, it worked.

Tylertylosis answered 15/4, 2016 at 16:52 Comment(0)

Recommended topics

Hot tags