RolandGuijt
commented
2 months ago This doesn't seem to have anything to do with IdentityServer since the stacktrace is mentioning an anti forgery token that can't be decrypted. Having said that: please take a look at how data protection is setup in your project and check if the process has access to the key material. Also when this is running on multiple instances, make sure the application name is set. More info here.
Which version of Duende IdentityServer are you using? 7.0.5 Which version of .NET are you using? NET 8 Describe the bug
Got the following Warn and Failed error after upgrading Duende from 6.0.0 to 7.0.5
warn: Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[35] No XML encryptor configured. Key {3d012214-d663-488f-9d78-a11a1e61b18e} may be persisted to storage in unencrypted form. info: Duende.IdentityServer.Startup[0] Starting Duende IdentityServer version 7.0.5+11906052da057e72f04ee755c1f4953b6cb93ac3 (.NET 8.0.6) info: Duende.IdentityServer.License[0] You have a valid license key for the Duende software Business edition for use at SS&C Technologies Canada Corporation. The license expires on Monday, September 16, 2024. info: Duende.IdentityServer.Startup[0] Using the default authentication scheme idsrv for IdentityServer info: Microsoft.Hosting.Lifetime[14] Now listening on: https://localhost:5000 info: Microsoft.Hosting.Lifetime[0] Application started. Press Ctrl+C to shut down. info: Microsoft.Hosting.Lifetime[0] Hosting environment: Development info: Microsoft.Hosting.Lifetime[0] Content root path: C:\Projects\Main_NET8\GWPA Portal\IDP info: Duende.IdentityServer.Hosting.IdentityServerMiddleware[0] Invoking IdentityServer endpoint: Duende.IdentityServer.Endpoints.DiscoveryEndpoint for /.well-known/openid-configuration info: Duende.IdentityServer.Hosting.IdentityServerMiddleware[0] Invoking IdentityServer endpoint: Duende.IdentityServer.Endpoints.AuthorizeEndpoint for /connect/authorize info: Duende.IdentityServer.ResponseHandling.AuthorizeInteractionResponseGenerator[0] Showing login: request contains prompt=login fail: Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery[7] An exception was thrown while deserializing the token. Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: The antiforgery token could not be decrypted. ---> System.Security.Cryptography.CryptographicException: The key {1146654e-a102-469b-ac61-ecd787a4e549} was not found in the key ring. For more information go to https://aka.ms/aspnet/dataprotectionwarning at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.UnprotectCore(Byte[] protectedData, Boolean allowOperationsOnRevokedKeys, UnprotectStatus& status) at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.Unprotect(Byte[] protectedData) at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgeryTokenSerializer.Deserialize(String serializedToken) --- End of inner exception stack trace --- at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgeryTokenSerializer.Deserialize(String serializedToken) at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery.GetCookieTokenDoesNotThrow(HttpContext httpContext)
To Reproduce
Upgrade duende from 6.0.0 to 7.0.5 by following the steps https://docs.duendesoftware.com/identityserver/v7/upgrades/
Expected behavior We should not get any warn or failed error
Log output/exception with stacktrace
data