个人中心
gpt4 book ai didi

c# - Kubernetes + Redis : The antiforgery token could not be decrypted

转载 作者:行者123 更新时间:2023-12-02 11:32:36 24 4
gpt4 key购买 nike

我正在 Kubernetes 上的 .net core 3.0 上使用 Redis 数据库进行数据保护,但仍然出现以下错误。有任何想法吗?

fail: Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery[7] An exception was thrown while deserializing the token. Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: The antiforgery token could not be decrypted. ---> System.Security.Cryptography.CryptographicException: The key {ffb146a1-0e5e-4f96-8566-425f7c2eb99a} was not found in the key ring. at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.UnprotectCore(Byte[] protectedData, Boolean allowOperationsOnRevokedKeys, UnprotectStatus& status) at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.DangerousUnprotect(Byte[] protectedData, Boolean ignoreRevocationErrors, Boolean& requiresMigration, Boolean& wasRevoked) at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.Unprotect(Byte[] protectedData) at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgeryTokenSerializer.Deserialize(String serializedToken) --- End of inner exception stack trace --- at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgeryTokenSerializer.Deserialize(String serializedToken) at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery.GetCookieTokenDoesNotThrow(HttpContext httpContext)


var redis = ConnectionMultiplexer.Connect(Environment.GetEnvironmentVariable("REDIS_CONNSTR"));
services.AddDataProtection().PersistKeysToStackExchangeRedis(redis, "DataProtection-Keys");
services.AddMvc(options =>
{
    options.Filters.Add(new AutoValidateAntiforgeryTokenAttribute());
});

最佳答案

根据以下文章中的文档,需要设置应用程序名称。

services.AddDataProtection()
    .PersistKeysToStackExchangeRedis(redis, "DataProtection-Keys")
    .SetApplicationName("product");

By default, the Data Protection system isolates apps from one another based on their content root paths, even if they're sharing the same physical key repository. This prevents the apps from understanding each other's protected payloads.

To share protected payloads among apps:

  • Configure SetApplicationName in each app with the same value.


https://docs.microsoft.com/en-us/aspnet/core/security/data-protection/configuration/overview?view=aspnetcore-3.0

关于这一点的进一步说明。如果您收到 400 Bad Request 并在同一解决方案中使用 API,那么我建议您查看 IgnoreAntiforgeryToken 属性来装饰 CSRF 不适用的方法。 
[HttpPost]
[IgnoreAntiforgeryToken]

关于c# - Kubernetes + Redis : The antiforgery token could not be decrypted,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/58838593/

24 4 0
文章推荐: ruby-on-rails - 在 Minikube 中调试 rails 应用程序
文章推荐: kubernetes - k8s 中 TLS bootstrap 中的 cluster-info configmap 是什么?
文章推荐: amazon-web-services - Kubernetes - 没有选择器的服务
文章推荐: kubernetes - 仅监控一个命名空间指标 - Prometheus with Kubernetes
行者123
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
全站热门文章
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com