aspire icon indicating copy to clipboard operation
aspire copied to clipboard

Published 20 hours ago verified publisher icon dotnet

Ant Forgery error on first AppHost run after upgrading to 9.0

Open afscrome opened this issue 4 months ago • 6 comments

Is there an existing issue for this?

  • [X] I have searched the existing issues

Describe the bug

On the first run of an App Host after upgrading from 8.2 to 9.0.0-preview.4.24477.2 the error logs immediately spewed an error about a invalid Anti Forgery token. This error goes away on subsequent runs, but it's a bit unnerving to get the error.

For what it's worth, a similar antiforgery error can also be reproduced if you downgrade from from 9.0 to 8.2 on the first run after the downgrade and doesn't appear on subsequent runs.

Expected Behavior

No error to be reported.

Steps To Reproduce

  1. Have an AppHost using Aspire 8.2
  2. Run the AppHost
  3. Upgrade to Aspire 9.0.0-preview.4.24477.2
  4. Run the Upgraded AppHost

(Can also be

Exceptions (if any)

info: Aspire.Hosting.DistributedApplication[0]
      Login to the dashboard at https://localhost:17148/login?t=REDACTED
fail: Aspire.Hosting.Dashboard.Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery[7]
      An exception was thrown while deserializing the token.
      Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: The antiforgery token could not be decrypted.
       ---> System.Security.Cryptography.CryptographicException: The payload was invalid. For more information go to https://aka.ms/aspnet/dataprotectionwarning
         at Microsoft.AspNetCore.DataProtection.Cng.CbcAuthenticatedEncryptor.DecryptImpl(Byte* pbCiphertext, UInt32 cbCiphertext, Byte* pbAdditionalAuthenticatedData, UInt32 cbAdditionalAuthenticatedData)
         at Microsoft.AspNetCore.DataProtection.Cng.Internal.CngAuthenticatedEncryptorBase.Decrypt(ArraySegment`1 ciphertext, ArraySegment`1 additionalAuthenticatedData)
         at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.UnprotectCore(Byte[] protectedData, Boolean allowOperationsOnRevokedKeys, UnprotectStatus& status)
         at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.Unprotect(Byte[] protectedData)
         at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgeryTokenSerializer.Deserialize(String serializedToken)
         --- End of inner exception stack trace ---
         at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgeryTokenSerializer.Deserialize(String serializedToken)
         at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery.GetCookieTokenDoesNotThrow(HttpContext httpContext)

.NET Version info

<Sdk Name="Aspire.AppHost.Sdk" Version="9.0.0-preview.4.24477.2" />	

    <PackageVersion Include="Aspire.Hosting" Version="9.0.0-preview.4.24477.2" />
    <PackageVersion Include="Aspire.Hosting.AppHost" Version="9.0.0-preview.4.24477.2" />
    <PackageVersion Include="Aspire.Hosting.RabbitMQ" Version="9.0.0-preview.4.24477.2" />
    <PackageVersion Include="Aspire.Hosting.Redis" Version="9.0.0-preview.4.24477.2" />
    <PackageVersion Include="Aspire.Hosting.SqlServer" Version="9.0.0-preview.4.24477.2" />
    <PackageVersion Include="Aspire.Hosting.Testing" Version="9.0.0-preview.4.24477.2" />
    <PackageVersion Include="Aspire.Microsoft.Data.SqlClient" Version="9.0.0-preview.4.24477.2" />
    <PackageVersion Include="Aspire.RabbitMQ.Client" Version="9.0.0-preview.4.24477.2" />

image

Anything else?

No response

afscrome avatar Sep 27 '24 18:09 afscrome