anti-forgery and time-out when posting content

Topics: General, Troubleshooting
Oct 10, 2011 at 3:35 PM

I get the exception below in my IIS Express trace logs when I am editing content and save or publish it on my local box using Win7, SQL Server 2008 R2, WebMatrix or VS2010.  It is a frequent but not consistent error.  I get the dreaded 500 error after a pregnant pause while "connecting" to the server.  If anyones has a clue or event thinks they have a clue about what it going on here.  I would appreciate your feedback.


[HttpAntiForgeryException (0x80004005): A required anti-forgery token was not supplied or was invalid.] System.Web.Helpers.AntiForgeryWorker.Validate(HttpContextBase context, String salt) +121077 System.Web.Helpers.AntiForgery.Validate(HttpContextBase httpContext, String salt) +45 System.Web.Mvc.ValidateAntiForgeryTokenAttribute.OnAuthorization(AuthorizationContext filterContext) +68 Orchard.Mvc.AntiForgery.AntiForgeryAuthorizationFilter.OnAuthorization(AuthorizationContext filterContext) in d:\TeamCity\Projects\Orchard-Default\src\Orchard\Mvc\AntiForgery\AntiForgeryAuthorizationFilter.cs:37 System.Web.Mvc.ControllerActionInvoker.InvokeAuthorizationFilters(ControllerContext controllerContext, IList`1 filters, ActionDescriptor actionDescriptor) +102 System.Web.Mvc.ControllerActionInvoker.InvokeAction(ControllerContext controllerContext, String actionName) +343 System.Web.Mvc.Controller.ExecuteCore() +116 System.Web.Mvc.ControllerBase.Execute(RequestContext requestContext) +97 System.Web.Mvc.ControllerBase.System.Web.Mvc.IController.Execute(RequestContext requestContext) +10 System.Web.Mvc.<>c__DisplayClassb.<BeginProcessRequest>b__5() +37 System.Web.Mvc.Async.<>c__DisplayClass1.<MakeVoidDelegate>b__0() +21 System.Web.Mvc.Async.<>c__DisplayClass8`1.<BeginSynchronous>b__7(IAsyncResult _) +12 System.Web.Mvc.Async.WrappedAsyncResult`1.End() +62 System.Web.Mvc.<>c__DisplayClasse.<EndProcessRequest>b__d() +50 System.Web.Mvc.SecurityUtil.<GetCallInAppTrustThunk>b__0(Action f) +7 System.Web.Mvc.SecurityUtil.ProcessInApplicationTrust(Action action) +22 System.Web.Mvc.MvcHandler.EndProcessRequest(IAsyncResult asyncResult) +60 System.Web.Mvc.MvcHandler.System.Web.IHttpAsyncHandler.EndProcessRequest(IAsyncResult result) +9 Orchard.Mvc.Routes.HttpAsyncHandler.EndProcessRequest(IAsyncResult result) in d:\TeamCity\Projects\Orchard-Default\src\Orchard\Mvc\Routes\ShellRoute.cs:148 System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +8964029 System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +184

Oct 10, 2011 at 5:07 PM

Do you have a machine key configured?

Oct 10, 2011 at 9:54 PM

Sorry I forgot to mention I have been through that information. Here is the entry I have in my web.config in the system.web. I did this quite a while ago with no change in the behavior.

<machineKey decryptionKey="6F30126FFDE71DC60289780A772735BBEF74A9A534AD2BE75A3DB098488DF549,IsolateApps" validationKey="AA3F6A45BAD3DFD7407580520C450584CF1073D8D4AE058D3CD7B7E7AEA7075BDDAFE16D9A42DE7552704D31B33A4E9B3D6470D85E62CB89AA3204C6C617BAA9,IsolateApps" validation="SHA1" decryption="AES"/>

Thanks for the response,


W. Rick Smith
Kailana Inc.

Oct 10, 2011 at 9:57 PM

Well now you machine key is public, you can change it ;)

Oct 10, 2011 at 10:04 PM

Is anybody else seeing that? You should file a bug in any case (and change your machine key, Sébastien is right: your machine key is a secret).

Oct 10, 2011 at 10:48 PM

Don’t worry, it was replaced Immediately after I sent it to you. J

W. Rick Smith
Kailana Inc.

Oct 13, 2011 at 3:28 PM

I wanted to follow up on this. I tried editing content on my hosted site instead on my box and not an issue. So it was clear it was my computer and not anything about my Orchard installation. So I do whenever I have weird and unusual behavior in my software that seems to have no basis. If you guessed rebuild my box you just lost ten points. J I turned off my anti-virus software, AVG. Haven’t seen the problem since I did. However, I have not added a lot of content. So I don’t know that it is the cause conclusively but there is strong evidence.

I thought you might want to know.

W. Rick Smith
Kailana Inc.