Reputation: 11
I am developing an ASP.NET Core web application. I use Identity for user authorization. When the session expires, the user is redirected to the Login view. Then the user tries to submit the login form, and sometimes this exception appears:
Microsoft.AspNetCore.Antiforgery.Internal.DefaultAntiforgeryTokenSerializer.
The antiforgery token could not be decrypted.
But the user can log in without problems if he reloads the page and tries to submit the form again.
I don't have this problem with the same website on the local machine.
I have read that an anti-forgery token being applied twice in the same form can cause this error, but I have only one token; I have checked.
Another suggestion was to use
<system.web>
  <machineKey decryptionKey="Decryption key goes here, IsolateApps"
              validationKey="Validation key goes here, IsolateApps" />
</system.web>
This is described in this article, and the situation is similar to mine. But the article is old, from 2013. So I am not sure if I can use this with ASP.NET Core. People said this way doesn't work in ASP.NET Core. I didn't find any other suggestion on how I can fix the problem in ASP.NET Core. So maybe somebody had the same problem and can help me?
Upvotes: 0
Views: 2785
Reputation: 3443
I don't have this problem with the same website on the local machine.
Are you deploying your application to multiple machines? Then, you're on the right track looking at the machine key. The problem is that the different web servers will encrypt and decrypt differently.
This article explains data protection with ASP.NET core: https://learn.microsoft.com/en-us/aspnet/core/security/data-protection/introduction
Which data protection provider you choose will depend on your environment.
Upvotes: 1
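The multi-server failure described in the answer above, as an added example that is not part of the original posts: ASP.NET Core protects antiforgery tokens with the Data Protection key ring, so a token issued by one node can only be read by a node that has the same key ring and application name. The console program simulates two nodes, first with separate key directories (the round trip fails) and then with a shared one (it succeeds); the directory names, the application name "example-shop", the purpose string and the payload are constructed for the demonstration.

```csharp
// Added example: two simulated web servers ("nodes") protecting and unprotecting
// a payload through IDataProtectionProvider, as the antiforgery system does.
// Directory names, application name, purpose string and payload are constructed.
using System;
using System.IO;
using System.Security.Cryptography;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.Extensions.DependencyInjection;

static class Program
{
    // Build one node's data protection stack with its key ring stored in keyDir.
    static IDataProtector BuildNode(string keyDir)
    {
        var services = new ServiceCollection();
        services.AddDataProtection()
            .SetApplicationName("example-shop")   // must be identical on every node
            .PersistKeysToFileSystem(Directory.CreateDirectory(keyDir));
        // Production: also encrypt keys at rest, e.g. .ProtectKeysWithCertificate(cert)
        return services.BuildServiceProvider()
            .GetRequiredService<IDataProtectionProvider>()
            .CreateProtector("Example.Antiforgery.Demo");
    }

    // Node A issues a token, node B tries to read it back.
    static bool RoundTrips(string dirA, string dirB)
    {
        string token = BuildNode(dirA).Protect("form-token-for-user-42");
        try
        {
            return BuildNode(dirB).Unprotect(token) == "form-token-for-user-42";
        }
        catch (CryptographicException)
        {
            // Node B has no key matching the token, so decryption is refused.
            return false;
        }
    }

    static void Main()
    {
        string root = Path.Combine(Path.GetTempPath(), "dp-demo-" + Guid.NewGuid());
        string a = Path.Combine(root, "nodeA"), b = Path.Combine(root, "nodeB");
        string shared = Path.Combine(root, "shared");

        Console.WriteLine($"separate key rings: {RoundTrips(a, b)}");
        Console.WriteLine($"shared key ring:    {RoundTrips(shared, shared)}");
        Directory.Delete(root, recursive: true);
    }
}
```

In a web application the same `AddDataProtection()` chain goes into the service registration at startup, with the key directory replaced by whatever shared store fits the environment.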