The anti-forgery cookie token and form field token do not match.

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.
7 years ago
You have to generate and save a machine key in the web.config file.
7 years ago
I apologize, I didn't see the question. Andrei is right. You can have it created here http://www.developerfusion.com/tools/generatemachinekey/ then add it to the web.config.
7 years ago
Hi, good day.
In this URL http://www.developerfusion.com/tools/generatemachinekey
which one should I use?

ASP.NET 1.1 Machine Key
or
ASP.NET 2 Machine Key

And where in web.config should I put that code?

My problem is that when I log in to the admin area and go to the management area, it opens a small window in the middle of the page that says "error happened".
I see the log details, which read:

Log level
Error

Short message
The anti-forgery cookie token and form field token do not match.

Full message
System.Web.Mvc.HttpAntiForgeryException (0x80004005): The anti-forgery cookie token and form field token do not match.
   at System.Web.Helpers.AntiXsrf.TokenValidator.ValidateTokens(HttpContextBase httpContext, IIdentity identity, AntiForgeryToken sessionToken, AntiForgeryToken fieldToken)
   at System.Web.Helpers.AntiXsrf.AntiForgeryWorker.Validate(HttpContextBase httpContext)
   at System.Web.Helpers.AntiForgery.Validate()
   at System.Web.Mvc.ValidateAntiForgeryTokenAttribute.OnAuthorization(AuthorizationContext filterContext)
   at Nop.Web.Framework.Security.AdminAntiForgeryAttribute.OnAuthorization(AuthorizationContext filterContext)
   at System.Web.Mvc.ControllerActionInvoker.InvokeAuthorizationFilters(ControllerContext controllerContext, IList`1 filters, ActionDescriptor actionDescriptor)
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass21.<BeginInvokeAction>b__19(AsyncCallback asyncCallback, Object asyncState)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResult`1.CallBeginDelegate(AsyncCallback callback, Object callbackState)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResultBase`1.Begin(AsyncCallback callback, Object state, Int32 timeout)
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.BeginInvokeAction(ControllerContext controllerContext, String actionName, AsyncCallback callback, Object state)
   at System.Web.Mvc.Controller.<BeginExecuteCore>b__1c(AsyncCallback asyncCallback, Object asyncState, ExecuteCoreState innerState)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncVoid`1.CallBeginDelegate(AsyncCallback callback, Object callbackState)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResultBase`1.Begin(AsyncCallback callback, Object state, Int32 timeout)
   at System.Web.Mvc.Controller.BeginExecuteCore(AsyncCallback callback, Object state)
   at System.Web.Mvc.Controller.<BeginExecute>b__14(AsyncCallback asyncCallback, Object callbackState, Controller controller)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncVoid`1.CallBeginDelegate(AsyncCallback callback, Object callbackState)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResultBase`1.Begin(AsyncCallback callback, Object state, Int32 timeout)
   at System.Web.Mvc.Controller.BeginExecute(RequestContext requestContext, AsyncCallback callback, Object state)
   at System.Web.Mvc.Controller.System.Web.Mvc.Async.IAsyncController.BeginExecute(RequestContext requestContext, AsyncCallback callback, Object state)
   at System.Web.Mvc.MvcHandler.<BeginProcessRequest>b__4(AsyncCallback asyncCallback, Object asyncState, ProcessRequestState innerState)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncVoid`1.CallBeginDelegate(AsyncCallback callback, Object callbackState)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResultBase`1.Begin(AsyncCallback callback, Object state, Int32 timeout)
   at System.Web.Mvc.MvcHandler.BeginProcessRequest(HttpContextBase httpContext, AsyncCallback callback, Object state)
   at System.Web.Mvc.MvcHandler.BeginProcessRequest(HttpContext httpContext, AsyncCallback callback, Object state)
   at System.Web.Mvc.MvcHandler.System.Web.IHttpAsyncHandler.BeginProcessRequest(HttpContext context, AsyncCallback cb, Object extraData)
   at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
7 years ago
After defining a machine key in web.config:

<system.web>
  <machineKey validationKey="CB95352CE9E02AC8079B51C6C77F6C2162BC3460618F957EEE54B96C912BCAF46E07A8D643BA1C9ED8968DD456195974F6069D1C59B00F2F5A7427F375EB8971" decryptionKey="346FAC441DB778808572A77A1159A8198E2DBE5F584E573E5B36BA3615E84FDB" validation="SHA1" decryption="AES" />
</system.web>

with the help of

http://www.allkeysgenerator.com/Random/ASP-Net-MachineKey-Generator.aspx

I got 2 new error messages in my log:


"The anti-forgery cookie token and form field token do not match."

and

"The anti-forgery token could not be decrypted. If this application is hosted by a Web Farm or cluster, ensure that all machines are running the same version of ASP.NET Web Pages and that the <machineKey> configuration specifies explicit encryption and validation keys. AutoGenerate cannot be used in a cluster."

I did not find a solution here in the nopCommerce forums, but then I found the solution myself:

I removed these error messages by disabling

Enable XSRF protection for admin area
Enable XSRF protection for public store

in the General Settings

Hope this helps!
Greets,
Tilman
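
Added example, not part of any post in this thread and not nopCommerce code: the machineKey values discussed above can be generated on the server itself from the system's cryptographic random number generator, so the keys are never seen by a third-party site, and the resulting web.config can then be checked for the explicit keys that the web-farm error message quoted above asks for. The function names are illustrative, HMACSHA256 validation assumes .NET Framework 4.0 or later, and the path in the last line is a placeholder.

```powershell
# Added example: function names and the sample path are illustrative.

function New-RandomHex {
    param([Parameter(Mandatory)][int]$ByteCount)
    $bytes = New-Object byte[] $ByteCount
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($bytes) } finally { $rng.Dispose() }
    # Upper-case hex, two characters per byte, as <machineKey> expects
    -join ($bytes | ForEach-Object { $_.ToString('X2') })
}

function New-MachineKeyElement {
    # 64-byte validation key and 32-byte AES key: the same lengths as the
    # element posted above, but produced locally. The element belongs
    # inside <system.web> in web.config.
    $validationKey = New-RandomHex -ByteCount 64
    $decryptionKey = New-RandomHex -ByteCount 32
    '<machineKey validationKey="{0}" decryptionKey="{1}" validation="HMACSHA256" decryption="AES" />' -f $validationKey, $decryptionKey
}

function Test-MachineKeyConfig {
    # Reports problems with the <machineKey> element of a web.config file.
    # Assumes <configuration> carries no XML namespace.
    param([Parameter(Mandatory)][string]$Path)
    [xml]$config = Get-Content -LiteralPath $Path -Raw
    $node = $config.SelectSingleNode('/configuration/system.web/machineKey')
    if ($null -eq $node) {
        return 'no <machineKey> element: keys are auto-generated per machine'
    }
    $issues = @()
    foreach ($name in 'validationKey', 'decryptionKey') {
        $value = $node.GetAttribute($name)
        if (-not $value -or $value -match 'AutoGenerate') {
            $issues += "$name is not explicit (AutoGenerate)"
        } elseif ($value -notmatch '^[0-9A-Fa-f]+$' -or ($value.Length % 2) -ne 0) {
            $issues += "$name is not an even-length hex string"
        }
    }
    if ($issues.Count -eq 0) { 'machineKey uses explicit keys' } else { $issues }
}

New-MachineKeyElement
# Test-MachineKeyConfig -Path 'C:\inetpub\wwwroot\web.config'   # placeholder path
```

In a web farm, the same generated element has to be copied to every node; running `Test-MachineKeyConfig` on each node shows whether any of them still relies on auto-generated keys.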
7 years ago
Hi all,

Did anybody find a solution for this problem, besides disabling the XSRF protection?

I've tried adding the machineKey with no success.

Thank you!

Regards,
Nicolas
6 years ago
Hi.
I have the same problem. I have machineKey set in web.config.
Additionally I have this event in event log:

Event code: 4005
Event message: Forms authentication failed for the request. Reason: The ticket supplied was invalid.
Event time: 28.06.2017 19:19:59
Event time (UTC): 28.06.2017 16:19:59
Event ID: 58d3149a34bc400f95ddc6e934fd930b
Event sequence: 2
Event occurrence: 1
Event detail code: 50201

Application information:
    Application domain: /LM/W3SVC/1/ROOT-2-131431403932920000
    Trust level: Full
    Application Virtual Path: /
    Application Path:
    Machine name: APP

Process information:
    Process ID: 2648
    Process name: w3wp.exe
    Account name: APP\nop

Request information:
    Request URL:
    Request path: /admin
    User host address:  
    User:  
    Is authenticated: False
    Authentication Type:  
    Thread account name: APP\nop