AntiForgery Exception - MachineKey

Topics: Administration
Sep 16, 2011 at 11:09 PM

I am constantly having my session close while editing content on my orchard site on my box (not on the host).  I looked through the IIS Express Trace logs and found that I am getting this exception.

[HttpAntiForgeryException]: A required anti-forgery token was not supplied or was invalid. at System.Web.Helpers.AntiForgeryWorker.Validate(HttpContextBase context, String salt) at System.Web.Helpers.AntiForgery.Validate(HttpContextBase httpContext, String salt) at System.Web.Mvc.ValidateAntiForgeryTokenAttribute.OnAuthorization(AuthorizationContext filterContext) at Orchard.Mvc.AntiForgery.AntiForgeryAuthorizationFilter.OnAuthorization(AuthorizationContext filterContext) in d:\TeamCity\Projects\Orchard-Default\src\Orchard\Mvc\AntiForgery\AntiForgeryAuthorizationFilter.cs:line 37 at System.Web.Mvc.ControllerActionInvoker.InvokeAuthorizationFilters(ControllerContext controllerContext, IList`1 filters, ActionDescriptor actionDescriptor) at System.Web.Mvc.ControllerActionInvoker.InvokeAction(ControllerContext controllerContext, String actionName) at System.Web.Mvc.Controller.ExecuteCore() at System.Web.Mvc.ControllerBase.Execute(RequestContext requestContext) at System.Web.Mvc.ControllerBase.System.Web.Mvc.IController.Execute(RequestContext requestContext) at System.Web.Mvc.MvcHandler.<>c__DisplayClass6.<>c__DisplayClassb.<BeginProcessRequest>b__5() at System.Web.Mvc.Async.AsyncResultWrapper.<>c__DisplayClass1.<MakeVoidDelegate>b__0() at System.Web.Mvc.Async.AsyncResultWrapper.<>c__DisplayClass8`1.<BeginSynchronous>b__7(IAsyncResult _) at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResult`1.End() at System.Web.Mvc.MvcHandler.<>c__DisplayClasse.<EndProcessRequest>b__d() at System.Web.Mvc.SecurityUtil.<GetCallInAppTrustThunk>b__0(Action f) at System.Web.Mvc.SecurityUtil.ProcessInApplicationTrust(Action action) at System.Web.Mvc.MvcHandler.EndProcessRequest(IAsyncResult asyncResult) at System.Web.Mvc.MvcHandler.System.Web.IHttpAsyncHandler.EndProcessRequest(IAsyncResult result) at Orchard.Mvc.Routes.ShellRoute.HttpAsyncHandler.EndProcessRequest(IAsyncResult result) in d:\TeamCity\Projects\Orchard-Default\src\Orchard\Mvc\Routes\ShellRoute.cs:line 148 at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

I then looked the post on Setting up a machine Key and added a machine key into the system.web section of the sites root web.config.

    <machineKey decryptionKey="6F30126FFDE71DC60289780A772735BBEF74A9A534AD2BE75A3DB098488DF549,IsolateApps" 
                validationKey="AA3F6A45BAD3DFD7407580520C450584CF1073D8D4AE058D3CD7B7E7AEA7075BDDAFE16D9A42DE7552704D31B33A4E9B3D6470D85E62CB89AA3204C6C617BAA9,IsolateApps" 
                validation="SHA1"
                decryption="AES"/>
This has had no effect on the exception. I am not sure what else I can do to resolve this or how to further diagnose the problem. If you have any suggestions on how to resolve this I would greatly appreciate them.
TIA,
Rick
Coordinator
Sep 16, 2011 at 11:13 PM

I've never seen that problem not being fixed by specifying a machine key. This is a first. You would have to debug this further on that machine I suppose. Did you try on another box?