This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject

A new Flexera Community experience is coming on November 25th. Click here for more information.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

'The anti-forgery token could not be decrypted' error in App Broker WebsiteMVC.log

Jump to solution
TeriStevenson
By
Level 9

I'm getting an error daily in our websitemvc.log about anti-forgery.  I've look at the web.config file under <system.web> and we have the machine key, decryption key and validation key listed.

In IIS the machine key is configured as auto generated at run time - I'm attaching a screenshot of the configuration.  

Would we be getting these errors because something has changed within our environment that I'm not aware of?  I can't seem to find a reason for the error.

Error: The anti-forgery token could not be decrypted. If this application is hosted by a Web Farm or cluster, ensure that all machines are running the same version of ASP.NET Web Pages and that the <machineKey> configuration specifies explicit encryption and validation keys. AutoGenerate cannot be used in a cluster.
at System.Web.Helpers.AntiXsrf.AntiForgeryTokenSerializer.Deserialize(String serializedToken)
at System.Web.Helpers.AntiXsrf.AntiForgeryWorker.Validate(HttpContextBase httpContext)
at System.Web.Mvc.ControllerActionInvoker.InvokeAuthorizationFilters(ControllerContext controllerContext, IList`1 filters, ActionDescriptor actionDescriptor)
at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass21.<BeginInvokeAction>b__19(AsyncCallback asyncCallback, Object asyncState)

Error: The required anti-forgery form field "__RequestVerificationToken" is not present

 

‎Nov 19, 2019 01:01 PM - last edited on ‎Oct 06, 2021 10:13 PM by Community Manager Community Manager

Preview file
20 KB
0 Kudos
(1) Solution

Jump to solution
dpiarowski
By Level 4 Flexeran
Level 4 Flexeran

We have only really seen this error when the browser session has ended and the user is still trying to make a request. You can typically avoid this error by asking the users to either start a new browser session or refresh the page then make the request or click the next button. This ensures that a new session is started and the request verification token is present.

View solution in original post

‎Nov 19, 2019 02:57 PM

(2) Replies

Jump to solution
dpiarowski
By Level 4 Flexeran
Level 4 Flexeran

We have only really seen this error when the browser session has ended and the user is still trying to make a request. You can typically avoid this error by asking the users to either start a new browser session or refresh the page then make the request or click the next button. This ensures that a new session is started and the request verification token is present.

‎Nov 19, 2019 02:57 PM

Jump to solution
TeriStevenson
By
Level 9
In response to dpiarowski

Thank you. Is there a way to determine what user could have the browser session still open?  The logs don't provide a user name and the times when this occurs aren't timestamped close to a machine name.

‎Nov 19, 2019 05:25 PM

0 Kudos
Top Kudoed Authors
View all