Error 400 with Kentico Form

Francis Carroll asked on December 1, 2022 11:32

Hey,

I am running Kentico 13.0.83 using ASP.NET Core and IIS 10.

I have been having issues with the base Kentico forms on my website and I wanted to see if there is anyone that is experiencing this issue.

This issue gets thrown intermittently when the form is submitted and there are required fields that have not been filled in. I have tried copying the Dancing Goat core files and removing all additional JS and CSS files and this still has not resolved the issue.

I then went and created a new project with the basic setup and the issue is still occurring.

I have also hotfixed the project to the latest version and there has been no change.

I appreciate any help or recommendations on this issue.

https://www.hri.ie/hri/hri/MicrosoftTeams-image%20(2).png

Recent Answers


Dmitry Bastron answered on December 2, 2022 09:03

Hi Francis,

This issue looks really strange. Are there any messages in the Kentico Event log app?

0 votes

Francis Carroll answered on December 2, 2022 09:12

Hey Dmitry,

Thanks for taking the time to look at this.

I had a look at the event log and there is one issue that seems to be persistent since I set the site up yesterday.

Source: Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery

Event code: TokenDeserializeException

Description: An exception was thrown while deserializing the token.

Message: The antiforgery token could not be decrypted.

Exception type: Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException
Stack trace:
  at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgeryTokenSerializer.Deserialize(String serializedToken)
  at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery.GetCookieTokenDoesNotThrow(HttpContext httpContext)

Message: The key {350b33cd-47a5-49a7-90b7-88575a9cf88e} was not found in the key ring. For more information go to http://aka.ms/dataprotectionwarning

Exception type: System.Security.Cryptography.CryptographicException
Stack trace:
  at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.UnprotectCore(Byte[] protectedData, Boolean allowOperationsOnRevokedKeys, UnprotectStatus& status)
  at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.Unprotect(Byte[] protectedData)
  at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgeryTokenSerializer.Deserialize(String serializedToken)

0 votes

Dmitry Bastron answered on December 2, 2022 09:20

Ok, that looks like the source of your issue. Kentico forms are using Antiforgery Tokens to validate the form submission and defend against DOS attacks.

Is this problem only on your local machine? Or can you reproduce it in other environments? Do you use Docker (there might be an issue with it)? Does it work OK if you open in incognito or clear your cookies?

0 votes

Francis Carroll answered on December 2, 2022 09:25

So this issue is occurring on our UAT server, it is working fine on my local.

We are not using Docker.

I have tried both clearing cookies and using incognito and it remains the same.

0 votes

Dmitry Bastron answered on December 2, 2022 09:31

Ok, there are a couple more things you could try. Please read through these 2 materials, perhaps adjusting hosting settings may help: blog article, GitHub issue thread.

It could be that your app cannot access the keys required for antiforgery to work, something like that.

0 votes

Juraj Ondrus answered on December 2, 2022 09:38

Are you running on web farms? E.g. the front end apps are in a web farm? If yes, how are you handling and storing sessions? Also, I would recommend setting the same machine key on the servers. If you search for the error on Google, there are many StackOverflow threads on this topic too.

1 vote

Arjan van Hugten answered on December 2, 2022 11:18 (last edited on December 2, 2022 11:20)

We had this error for one of our customers as well. Are you using 'services.AddDataProtection' in your 'Startup.cs'? We solved this error by persisting the keys to Azure Blob Storage instead of them being stored in a folder in our Azure App Service and being removed from time to time (e.g. after deployments).

services.AddDataProtection()
  .PersistKeysToAzureBlobStorage(azureStorageConnectionString, containerName, "dataprotection");
0 votes
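
The same idea as the answer above, adapted to an on-premises IIS web farm, as an added example that is not part of the original thread or of Kentico's own code: every node reads one shared key ring, so an antiforgery token protected by one node can be decrypted by another and survives deployments. The configuration keys, the application name `ExampleSite` and the shared folder are assumptions chosen for illustration.

```csharp
using System;
using System.IO;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public IConfiguration Configuration { get; }

    public Startup(IConfiguration configuration) => Configuration = configuration;

    public void ConfigureServices(IServiceCollection services)
    {
        // Hypothetical appsettings.json keys (not Kentico settings):
        //   DataProtection:KeyRingPath    - folder or UNC share every node can read and write
        //   DataProtection:CertThumbprint - certificate (with private key) installed on every node
        var keyRingPath = Configuration["DataProtection:KeyRingPath"];
        var thumbprint = Configuration["DataProtection:CertThumbprint"];

        // Fail at startup rather than silently falling back to a per-machine
        // key ring, which is what produces "key ... was not found in the key ring".
        if (string.IsNullOrWhiteSpace(keyRingPath) || string.IsNullOrWhiteSpace(thumbprint))
        {
            throw new InvalidOperationException(
                "DataProtection:KeyRingPath and DataProtection:CertThumbprint must be configured.");
        }

        services.AddDataProtection()
            // Must be identical on all nodes. The default is derived from the
            // content root path, so nodes installed in different folders would
            // otherwise be isolated from each other.
            .SetApplicationName("ExampleSite")
            // One key ring for the whole farm, kept outside the deployment folder.
            .PersistKeysToFileSystem(new DirectoryInfo(keyRingPath))
            // Keys on a shared folder are stored in plaintext XML unless
            // encrypted at rest; the certificate is looked up by thumbprint.
            .ProtectKeysWithCertificate(thumbprint);

        // The site's existing service registrations (Kentico, MVC, ...) follow here.
    }
}
```

Restrict the shared folder's ACL to the application pool identities of the farm nodes, since anyone who can read the key ring and holds the certificate can forge protected payloads.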

Francis Carroll answered on December 7, 2022 14:00

Hey,

Thanks for all the responses!

I will take some time to go through them and I will reply here when I have an update.

We have another project that was in Core and went live and didn't have this issue on the same environments, which is what makes this confusing. I have compared the projects and there aren't any visible differences.

I am currently running on web farms and I will have a look into this.

I am not using services.AddDataProtection() currently in any of the projects.

Thanks!

0 votes