dotnet / aspire

Tools, templates, and packages to accelerate building observable, production-ready apps
https://learn.microsoft.com/dotnet/aspire
MIT License

Anti Forgery error on first AppHost run after upgrading to 9.0 #5989

Closed afscrome closed 1 month ago

afscrome commented 1 month ago

Is there an existing issue for this?

Describe the bug

On the first run of an App Host after upgrading from 8.2 to 9.0.0-preview.4.24477.2 the error logs immediately spewed an error about an invalid Anti Forgery token. This error goes away on subsequent runs, but it's a bit unnerving to get the error.

For what it's worth, a similar antiforgery error can also be reproduced if you downgrade from 9.0 to 8.2 on the first run after the downgrade and doesn't appear on subsequent runs.

Expected Behavior

No error to be reported.

Steps To Reproduce

  1. Have an AppHost using Aspire 8.2
  2. Run the AppHost
  3. Upgrade to Aspire 9.0.0-preview.4.24477.2
  4. Run the Upgraded AppHost

(Can also be

Exceptions (if any)

info: Aspire.Hosting.DistributedApplication[0]
      Login to the dashboard at https://localhost:17148/login?t=REDACTED
fail: Aspire.Hosting.Dashboard.Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery[7]
      An exception was thrown while deserializing the token.
      Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: The antiforgery token could not be decrypted.
       ---> System.Security.Cryptography.CryptographicException: The payload was invalid. For more information go to https://aka.ms/aspnet/dataprotectionwarning
         at Microsoft.AspNetCore.DataProtection.Cng.CbcAuthenticatedEncryptor.DecryptImpl(Byte* pbCiphertext, UInt32 cbCiphertext, Byte* pbAdditionalAuthenticatedData, UInt32 cbAdditionalAuthenticatedData)
         at Microsoft.AspNetCore.DataProtection.Cng.Internal.CngAuthenticatedEncryptorBase.Decrypt(ArraySegment`1 ciphertext, ArraySegment`1 additionalAuthenticatedData)
         at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.UnprotectCore(Byte[] protectedData, Boolean allowOperationsOnRevokedKeys, UnprotectStatus& status)
         at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.Unprotect(Byte[] protectedData)
         at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgeryTokenSerializer.Deserialize(String serializedToken)
         --- End of inner exception stack trace ---
         at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgeryTokenSerializer.Deserialize(String serializedToken)
         at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery.GetCookieTokenDoesNotThrow(HttpContext httpContext)

.NET Version info

<Sdk Name="Aspire.AppHost.Sdk" Version="9.0.0-preview.4.24477.2" /> 
    <PackageVersion Include="Aspire.Hosting" Version="9.0.0-preview.4.24477.2" />
    <PackageVersion Include="Aspire.Hosting.AppHost" Version="9.0.0-preview.4.24477.2" />
    <PackageVersion Include="Aspire.Hosting.RabbitMQ" Version="9.0.0-preview.4.24477.2" />
    <PackageVersion Include="Aspire.Hosting.Redis" Version="9.0.0-preview.4.24477.2" />
    <PackageVersion Include="Aspire.Hosting.SqlServer" Version="9.0.0-preview.4.24477.2" />
    <PackageVersion Include="Aspire.Hosting.Testing" Version="9.0.0-preview.4.24477.2" />
    <PackageVersion Include="Aspire.Microsoft.Data.SqlClient" Version="9.0.0-preview.4.24477.2" />
    <PackageVersion Include="Aspire.RabbitMQ.Client" Version="9.0.0-preview.4.24477.2" />


Anything else?

No response

radical commented 1 month ago

cc @JamesNK @adamint

JamesNK commented 1 month ago

I believe this is caused by different data protection keys being used when the file name or location on disk changes between versions.

~@amcasey Is there a way to store the data protection key on disk more constant between versions?~ Discussion offline.

captainsafia commented 1 month ago

@JamesNK @amcasey Out of curiosity, what was the conclusion of your offline discussion?

JamesNK commented 1 month ago

None yet. It's ongoing.

afscrome commented 1 month ago

I've also started seeing this on 8.x when using with multiple Aspire projects - If I swap from one AppHost to a different AppHost, the first time I run the new app host throws the anti forgery error and then everything is fine until I swap back to the first app host - on its first run it throws the error and then is fine until I swap back.

JamesNK commented 1 month ago

Is the version of Aspire dashboard changing between app hosts? The only scenario we know of that causes this error is moving from one version to another.

cecilphillip commented 1 month ago

This started happening in one of my projects this weekend after upgrading to 8.2.1. Clearing all the browser cookies in the Dashboard fixed it for me.
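
The key mismatch JamesNK describes, and why clearing cookies resolves it, shown as an added example that is not part of the thread and is not Aspire or dashboard code: a value protected under one ASP.NET Core Data Protection key directory cannot be unprotected by a provider that reads a different directory, so a cookie issued earlier is rejected until it is replaced. The purpose string, payload and directory names are assumptions made for the demonstration.

```csharp
#nullable enable
// Added illustration. Requires the Microsoft.AspNetCore.DataProtection.Extensions package.
using System;
using System.IO;
using System.Security.Cryptography;
using Microsoft.AspNetCore.DataProtection;

static class KeyRingMismatchDemo
{
    // Hypothetical purpose string; the one antiforgery really uses is internal to ASP.NET Core.
    const string Purpose = "Demo.Antiforgery.CookieToken";

    // Returns the payload, or null when the token cannot be decrypted with this key ring.
    static string? TryUnprotect(IDataProtector protector, string token)
    {
        try { return protector.Unprotect(token); }
        catch (CryptographicException) { return null; } // stale token: discard and reissue
    }

    static void Main()
    {
        // Constructed stand-ins for the key directories used by two dashboard versions.
        var root = Path.Combine(Path.GetTempPath(), "dp-demo-" + Guid.NewGuid().ToString("N"));
        var oldKeys = Directory.CreateDirectory(Path.Combine(root, "keys-old"));
        var newKeys = Directory.CreateDirectory(Path.Combine(root, "keys-new"));
        try
        {
            // The "old version" issues a cookie token under its own key ring.
            var issuer = DataProtectionProvider.Create(oldKeys).CreateProtector(Purpose);
            var token = issuer.Protect("cookie-token-payload");

            // A fresh provider over the same directory reads the same keys: round trip succeeds.
            var sameRing = DataProtectionProvider.Create(oldKeys).CreateProtector(Purpose);
            Console.WriteLine("same key directory:      " + (TryUnprotect(sameRing, token) ?? "<rejected>"));

            // A provider over a different directory generates new keys: the old token is rejected.
            var otherRing = DataProtectionProvider.Create(newKeys).CreateProtector(Purpose);
            Console.WriteLine("different key directory: " + (TryUnprotect(otherRing, token) ?? "<rejected>"));
        }
        finally
        {
            Directory.Delete(root, recursive: true);
        }
    }
}
```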