I have 4 Docker containers in a yml file.

  1. Db container
  2. Identity Server Container (asp.net core application with identity server)
  3. Api Server (asp.net core application)
  4. Client (Angular 9 app)

Everything works well on my development Windows machine, and I deployed it for one of my clients on his Windows server, where I hosted all the applications on IIS as 3 different sites with a separate database.

Now, what I want is to deploy it on Linux Docker containers. The overall configuration works well, though it needs improvements (which I can do), but I am stuck at the following error. docker logs on the Identity Server container shows the following error:

fail: Microsoft.AspNetCore.Antiforgery.Internal.DefaultAntiforgery[7]
      An exception was thrown while deserializing the token.
Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: The antiforgery token could not be decrypted.
 ---> System.Security.Cryptography.CryptographicException: The key {d7972341-6e64-467d-af09-124f5ba3e3a8} was not found in the key ring.
   at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.UnprotectCore(Byte[] protectedData, Boolean allowOperationsOnRevokedKeys, UnprotectStatus& status)
   at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.DangerousUnprotect(Byte[] protectedData, Boolean ignoreRevocationErrors, Boolean& requiresMigration, Boolean& wasRevoked)
   at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.Unprotect(Byte[] protectedData)
   at Microsoft.AspNetCore.Antiforgery.Internal.DefaultAntiforgeryTokenSerializer.Deserialize(String serializedToken)
   --- End of inner exception stack trace ---
   at Microsoft.AspNetCore.Antiforgery.Internal.DefaultAntiforgeryTokenSerializer.Deserialize(String serializedToken)
   at Microsoft.AspNetCore.Antiforgery.Internal.DefaultAntiforgery.GetCookieTokenDoesNotThrow(HttpContext httpContext)

Remember, I am using a pfx file for the certificate on the Identity Server container.

I just don't understand where this key issue is coming from and where this key is not found in the key ring.

Any help or discussion would be highly appreciated.

After success, I want to deploy it either on Digital Ocean

Rahman Bokhari
  • Perhaps this helps https://stackoverflow.com/questions/42103004/using-antiforgery-in-asp-net-core-and-got-error-the-antiforgery-token-could-no#47143941 – Dennis VW Jun 13 '20 at 03:55
  • yes, I went through that before and that code is present in startup.cs file as well. – Rahman Bokhari Jun 13 '20 at 16:16
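
A diagnostic sketch for the error in the question, added here and not taken from the post or from ASP.NET Core itself: it extracts the key id named in the log and checks it against the key documents the container actually holds. It assumes the key ring is persisted as Data Protection's `<key id="...">` XML documents; the function names are hypothetical and the sample key document is constructed.

```python
import re
import xml.etree.ElementTree as ET

# The Data Protection failure quoted in the question's log output.
MISSING_KEY = re.compile(
    r"The key \{([0-9a-fA-F-]{36})\} was not found in the key ring")

def requested_key_ids(log_text):
    """Key ids the app needed to unprotect a payload but could not find."""
    return {key_id.lower() for key_id in MISSING_KEY.findall(log_text)}

def key_ring_ids(key_xml_docs):
    """Map key id -> creationDate for each persisted <key> document."""
    ring = {}
    for doc in key_xml_docs:
        root = ET.fromstring(doc)
        if root.tag == "key" and root.get("id"):
            ring[root.get("id").lower()] = root.findtext("creationDate", "")
    return ring

def diagnose(log_text, key_xml_docs):
    """Return (ids absent from the key ring, ids present in it), sorted."""
    ring = set(key_ring_ids(key_xml_docs))
    wanted = requested_key_ids(log_text)
    return sorted(wanted - ring), sorted(wanted & ring)

# Log line copied from the question.
SAMPLE_LOG = (
    "System.Security.Cryptography.CryptographicException: The key "
    "{d7972341-6e64-467d-af09-124f5ba3e3a8} was not found in the key ring.")

# Constructed key document (made-up id and dates) standing in for the
# key a freshly created container generated for itself.
SAMPLE_KEYS = [
    '<key id="00000000-0000-4000-8000-000000000001" version="1">'
    "<creationDate>2020-06-13T00:00:00Z</creationDate>"
    "<activationDate>2020-06-13T00:00:00Z</activationDate>"
    "<expirationDate>2020-09-11T00:00:00Z</expirationDate>"
    "</key>",
]

if __name__ == "__main__":
    missing, present = diagnose(SAMPLE_LOG, SAMPLE_KEYS)
    for key_id in missing:
        print(f"{key_id}: payload was protected with a key this ring lacks")
    for key_id in present:
        print(f"{key_id}: present in key ring")
```
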

3 Answers

After going through research and different solutions again, I got one solution that seems to work somewhat. The solution from this post https://github.com/dotnet/aspnetcore/issues/3540 by StefanoChiodino works well so far.

What I have done is just recreate all the containers with all different port bindings, and yes, it works and generates proper keys that can be decrypted by Identity Server.

Rahman Bokhari

This error arises when the presented anti-forgery token is not in the persisted grants of the application. Are you implementing the IPersistedGrant interface or are you saving that information in-memory? Were these errors presented after a release or on rebooting the server?

A common reason is having this information in-memory and rebooting the server.

Another reason is deleting the information on the dbo."PersistedGrants" database.

If you have implemented the IPersistedGrants interface, do you have multiple instances of that database?

I hope this helps you!

You should do 2 things to fix it:

  1. Run your application on port 443
  2. Set the variable ASPNETCORE_ENVIRONMENT: "Development"

That's how the dockercompose & dockerfile files should be: Docker file Docker Compose

It worked for me.

hesolar