.Net 核心 AntiForgeryToken 与服务器不匹配

Question

我正在开发 Asp.Net 核心应用程序，应用程序在我的本地运行良好，但我无法验证服务器上的防伪令牌。 错误：“Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException：无法解密防伪令牌。”

下面是代码。

@section scripts {
<script type="text/javascript">
    $(document).ready(function() {
        $("#btnstart").click(function(e) {
            let productvals = $("#productlist").val();
            let runnumber = $("#runnum").val();
            let btnval = $("#btnstart").val();
            e.preventDefault();
            $.ajax({
                url: "@Url.Action("
                CheckRunnumber ","
                Validation ")",
                type: "POST",
                dataType: "json",
                data: {
                    runnumber: $('#runnum').val()
                },
                success: function(data) {
                    if (data.success == "True") {
                        console.log(data);
                        console.log(data.btnstartval);
                        //$("#Runform").submit();
                        if ($("#Runform").valid()) {
                            console.log(productvals, runnumber, data.btnstartval);
                            console.log(gettoken());
                            $.ajax({
                                url: "@Url.Action("
                                RunCase ", "
                                CallService ")",
                                type: "POST",
                                dataType: "json",
                                data: {
                                    products: productvals,
                                    runnumber: runnumber,
                                    button: data.btnstartval,
                                    __RequestVerificationToken: gettoken()
                                },
                                contentType: 'application/x-www-form-urlencoded; charset=utf-8'
                            });
                        } else {
                            alert("Error");
                            e.preventDefault();
                        }
                    }
                }
            });

            function gettoken() {
                var token = '@Html.AntiForgeryToken()';
                token = $(token).val();
                return token;
            }
        }
    }
</script>
}

为了比较这个令牌，我在控制台窗口上记录了它，它与检查窗口内的应用程序选项卡下的不同。

下面是我得到的错误日志。

2020-10-08T13:00:05.5115395-05:00 0HM3BMFTTVJ22:00000001 [ERR] An exception was thrown while deserializing the token. (348bf365)
Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: The antiforgery token could not be decrypted.
 ---> System.Security.Cryptography.CryptographicException: The key {dbeef040-4a73-45ff-8b62-064683015ea1} was not found in the key ring.
   at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.UnprotectCore(Byte[] protectedData, Boolean allowOperationsOnRevokedKeys, UnprotectStatus& status)
   at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.DangerousUnprotect(Byte[] protectedData, Boolean ignoreRevocationErrors, Boolean& requiresMigration, Boolean& wasRevoked)
   at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.Unprotect(Byte[] protectedData)
   at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgeryTokenSerializer.Deserialize(String serializedToken)
   --- End of inner exception stack trace ---
   at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgeryTokenSerializer.Deserialize(String serializedToken)
   at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery.GetCookieTokenDoesNotThrow(HttpContext httpContext)
2020-10-08T13:00:35.9439222-05:00 0HM3BMFTTVJ22:00000004 [INF] Process not found (d326d86c)

Answer 1

您将应用程序托管在共享服务器后端还是其他地方？您的应用似乎没有足够的权限来读取密钥。

我建议您可以尝试修改 IIS 应用程序池标识以获得足够的权限来读取密钥。更多细节，您可以参考以下步骤：

1.打开IIS管理控制台：

2.选择您的应用程序池

3.将应用程序池身份修改为本地系统或其他有足够权限访问您的密钥的域帐户。

如果这不能解决您的问题，您能否分享一下 startup.cs 设置？