c# - Kubernetes + Redis : The antiforgery token could not be decrypted

Tags: c# asp.net-core kubernetes antiforgerytoken

I'm using a Redis database for Data Protection on .net core 3.0 on Kubernetes, but I still get the error below. Any ideas?

fail: Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery[7]
      An exception was thrown while deserializing the token.
Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: The antiforgery token could not be decrypted.
 ---> System.Security.Cryptography.CryptographicException: The key {ffb146a1-0e5e-4f96-8566-425f7c2eb99a} was not found in the key ring.
   at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.UnprotectCore(Byte[] protectedData, Boolean allowOperationsOnRevokedKeys, UnprotectStatus& status)
   at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.DangerousUnprotect(Byte[] protectedData, Boolean ignoreRevocationErrors, Boolean& requiresMigration, Boolean& wasRevoked)
   at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.Unprotect(Byte[] protectedData)
   at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgeryTokenSerializer.Deserialize(String serializedToken)
   --- End of inner exception stack trace ---
   at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgeryTokenSerializer.Deserialize(String serializedToken)
   at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery.GetCookieTokenDoesNotThrow(HttpContext httpContext)


var redis = ConnectionMultiplexer.Connect(Environment.GetEnvironmentVariable("REDIS_CONNSTR"));
services.AddDataProtection().PersistKeysToStackExchangeRedis(redis, "DataProtection-Keys");
services.AddMvc(options =>
{
    options.Filters.Add(new AutoValidateAntiforgeryTokenAttribute());
});

Best answer

According to the documentation in the article below, the application name needs to be set.

services.AddDataProtection()
    .PersistKeysToStackExchangeRedis(redis, "DataProtection-Keys")
    .SetApplicationName("product");

By default, the Data Protection system isolates apps from one another based on their content root paths, even if they're sharing the same physical key repository. This prevents the apps from understanding each other's protected payloads.

To share protected payloads among apps:

  • Configure SetApplicationName in each app with the same value.


https://docs.microsoft.com/en-us/aspnet/core/security/data-protection/configuration/overview?view=aspnetcore-3.0

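A further note on this. If you get a 400 Bad Request and are using an API in the same solution, then I suggest looking at the IgnoreAntiforgeryToken attribute to decorate methods where CSRF does not apply.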
[HttpPost]
[IgnoreAntiforgeryToken]
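
The isolation described in the documentation quoted above can be reproduced locally. This is an added example, not code from the original answer: a temporary directory (via PersistKeysToFileSystem) stands in for the shared Redis key store, explicit application names stand in for differing content root paths, and the purpose string and the name "web-pod-b" are constructed.

```csharp
// Added example. Requires the Microsoft.AspNetCore.DataProtection package.
using System;
using System.IO;
using System.Security.Cryptography;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.Extensions.DependencyInjection;

static class Program
{
    // Builds a separate Data Protection stack, as each pod/replica would,
    // pointing at the same key repository.
    static IDataProtector BuildProtector(DirectoryInfo sharedKeys, string appName)
    {
        var services = new ServiceCollection();
        services.AddDataProtection()
            .PersistKeysToFileSystem(sharedKeys)   // stand-in for the Redis store
            .SetApplicationName(appName);
        return services.BuildServiceProvider()
            .GetRequiredService<IDataProtectionProvider>()
            .CreateProtector("Antiforgery.Demo");  // constructed purpose string
    }

    // Unprotect throws CryptographicException when the payload cannot be read.
    static bool CanUnprotect(IDataProtector protector, string payload)
    {
        try { protector.Unprotect(payload); return true; }
        catch (CryptographicException) { return false; }
    }

    static void Main()
    {
        var sharedKeys = Directory.CreateDirectory(
            Path.Combine(Path.GetTempPath(), "dp-keys-" + Guid.NewGuid().ToString("N")));
        try
        {
            // "Pod A" issues a protected payload (constructed sample value).
            string token = BuildProtector(sharedKeys, "product").Protect("csrf-token-sample");

            // "Pod B" shares the key store; only the application name differs.
            var sameName = BuildProtector(sharedKeys, "product");
            var otherName = BuildProtector(sharedKeys, "web-pod-b");

            Console.WriteLine($"same application name:      {CanUnprotect(sameName, token)}");
            Console.WriteLine($"different application name: {CanUnprotect(otherName, token)}");
        }
        finally { sharedKeys.Delete(recursive: true); }
    }
}
```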

Regarding c# - Kubernetes + Redis : The antiforgery token could not be decrypted, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/58838593/
