即使配置了机器密钥(machineKey),我仍然收到错误“防伪 cookie 令牌和表单字段令牌不匹配”。

时间:2017-07-27 12:16:50

标签: asp.net-mvc antiforgerytoken

在我的场景中,为了保证服务器可用性并避免流量集中在一台服务器上,我把同一个 MVC 应用程序部署在两台不同的服务器上。

最初登录应用程序的 2-3 次,我会收到错误“防伪 cookie 令牌和表单字段令牌不匹配”;之后应用程序运行正常。

以下是我的应用程序的Web配置文件。

  <system.web>
        <compilation debug="false" targetFramework="4.6" />
        <!-- enableVersionHeader="false" suppresses the X-AspNet-Version response header. -->
        <httpRuntime targetFramework="4.6" requestValidationMode="4.5" enableVersionHeader="false" />
        <!-- Fixed machineKey so that tokens protected on one server can be validated on the other:
             this element (both keys and both algorithm names) has to be identical in the Web.config
             of every node behind the load balancer.
             NOTE(review): a key pair that has been pasted into a public page can no longer be treated
             as secret; generate a new pair and deploy it to all nodes at the same time.
             NOTE(review): validation="SHA1" is the legacy setting; HMACSHA256 is the usual choice on
             4.x. TODO confirm before changing, since every node must switch together. -->
        <machineKey validationKey="FF4636C4DF933BE453F9B94810661C5F5625794E5DCA46A3C281EB18CC5410386A4B38F5E4C7D7106C049C9EB10F31C2F4E76E74616ABD36DC6C64AF2BFF6801" decryptionKey="667F9049734567FF3E7BC7031DF4B4431F992A447CE2FB3258F6EE989BA82E8F" validation="SHA1" decryption="AES" />
        <!-- Classic-pipeline handler mappings for OPTIONS, TRACE and HEAD.
             NOTE(review): presumably ignored when the application pool runs in integrated mode, where
             system.webServer/handlers applies instead; validateIntegratedModeConfiguration="false"
             further down hides the configuration error about that. Confirm which pipeline is in use. -->
        <httpHandlers>
          <add path="*" verb="OPTIONS" type="System.Web.DefaultHttpHandler" validate="true" />
          <add path="*" verb="TRACE" type="System.Web.DefaultHttpHandler" validate="true" />
          <add path="*" verb="HEAD" type="System.Web.DefaultHttpHandler" validate="true" />
        </httpHandlers>
        <!-- URL authorization: requests using OPTIONS, TRACE or HEAD are denied for all users. -->
        <authorization>
          <deny verbs="OPTIONS" users="*" />
          <deny verbs="TRACE" users="*" />
          <deny verbs="HEAD" users="*" />
        </authorization>
        <!-- Forms authentication ticket cookie: sent over HTTPS only (requireSSL), encrypted and
             validated (protection="All"), fixed lifetime with no sliding renewal.
             NOTE(review): timeout="2880" is 48 hours, while sessionState below expires after 20
             minutes; confirm the long ticket lifetime is intended. -->
        <authentication mode="Forms">
          <forms loginUrl="~/Login/Login" defaultUrl="~/Home/Home" path="/" name="test" cookieless="UseCookies" requireSSL="true" slidingExpiration="false" timeout="2880" protection="All" />
        </authentication>
        <!-- Default flags for cookies issued by the application: HttpOnly and Secure.
             A Secure cookie is only returned by the browser over HTTPS, so the login page has to be
             reached over HTTPS on every node; removing this element would strip both flags from all
             cookies rather than fix a transport problem. -->
        <httpCookies httpOnlyCookies="true" requireSSL="true" />
        <sessionState timeout="20" />
        <!-- Custom error page for every client; page tracing is switched off. -->
        <customErrors mode="On" defaultRedirect="~/Home/ErrorPage" />
        <trace enabled="false" localOnly="true" />
      </system.web>
      <!-- Binding redirects pinning the MVC 5.2.3 / WebPages 3.0 assemblies. -->
      <runtime>
        <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
          <dependentAssembly>
            <assemblyIdentity name="System.Web.Helpers" publicKeyToken="31bf3856ad364e35" />
            <bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
          </dependentAssembly>
          <dependentAssembly>
            <assemblyIdentity name="System.Web.WebPages" publicKeyToken="31bf3856ad364e35" />
            <bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
          </dependentAssembly>
          <dependentAssembly>
            <assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" />
            <bindingRedirect oldVersion="1.0.0.0-5.2.3.0" newVersion="5.2.3.0" />
          </dependentAssembly>
        </assemblyBinding>
      </runtime>
      <system.codedom>
        <compilers>
          <compiler language="c#;cs;csharp" extension=".cs" type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.CSharpCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" warningLevel="4" compilerOptions="/langversion:6 /nowarn:1659;1699;1701" />
          <compiler language="vb;vbs;visualbasic;vbscript" extension=".vb" type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.VBCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" warningLevel="4" compilerOptions="/langversion:14 /nowarn:41008 /define:_MYTYPE=\&quot;Web\&quot; /optionInfer+" />
        </compilers>
      </system.codedom>
     <system.webServer>
        <!-- Suppresses the integrated-mode check that would otherwise reject the
             system.web/httpHandlers section above. -->
        <validation validateIntegratedModeConfiguration="false" />
        <defaultDocument enabled="false" />
        <httpRedirect enabled="false" />
        <!-- Re-registers the extensionless-URL handlers.
             NOTE(review): the verb lists still include DEBUG, PUT, DELETE, PATCH and OPTIONS; trim
             them to the verbs the application really serves. TODO confirm with the routes in use. -->
        <handlers>
          <remove name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" />
          <remove name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" />
          <remove name="ExtensionlessUrlHandler-Integrated-4.0" />
          <add name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness32" responseBufferLimit="0" />
          <add name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness64" responseBufferLimit="0" />
          <add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
        </handlers>
        <security>
          <requestFiltering>
            <!-- allowUnlisted="true": only OPTIONS is rejected by IIS request filtering; TRACE and
                 HEAD are not listed here and rely on the system.web rules above. -->
            <verbs allowUnlisted="true">
              <add verb="OPTIONS" allowed="false" />
            </verbs>
          </requestFiltering>
        </security>
        <httpProtocol>
          <!-- X-Frame-Options: DENY forbids framing of every response.
               NOTE(review): <clear /> already drops inherited custom headers, so the <remove> for
               X-Powered-By is probably redundant; harmless, but confirm the header is really gone. -->
          <customHeaders>
            <clear />
            <add name="X-Frame-Options" value="DENY" />
            <remove name="X-Powered-By" />
          </customHeaders>
        </httpProtocol>
      </system.webServer>

以下是控制器代码:

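  [HttpGet]
        [AllowAnonymous]
        // Renders the empty login form. The view embeds a per-visitor anti-forgery field, so the
        // response must never be replayed from a cache: a cached copy would carry a form token
        // that does not match the next visitor's anti-forgery cookie, which is a likely source of
        // the "cookie token and form field token do not match" failure on the POST.
        // Duration = 0 with NoStore = true disables caching; the previous Duration = 3600
        // contradicted NoStore by allowing the rendered page to be kept for an hour.
        [OutputCache(NoStore = true, Duration = 0, VaryByParam = "None")]
        public ActionResult Login()
        {
            // Fresh, unpopulated view model for the form bindings.
            var model = new UserLoginViewModel();
            return View(model);
        }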

        // Handles the posted login form.
        // [ValidateAntiForgeryToken] compares the hidden __RequestVerificationToken form field
        // with the visitor's anti-forgery cookie and rejects the request before the action body
        // runs, so the try/catch inside this method never sees a token mismatch.
        [HttpPost]
        [AllowAnonymous]        
        [ValidateAntiForgeryToken]              
        public ActionResult Login(UserLoginViewModel u)
        {
            try
            {
              ...
             }
        }
        // NOTE(review): as posted, the braces do not balance and `exception` is lower-case, so
        // this fragment does not compile; presumably an artefact of trimming the code for the
        // post. The empty catch body discards every error raised during login; failures should
        // at least be logged so that authentication problems stay visible.
        catch(exception ex)
         {
         }
    }

视图代码:

   @* Login form posted to Login/Login. Html.AntiForgeryToken() renders the hidden
      __RequestVerificationToken field that [ValidateAntiForgeryToken] on the POST action checks
      against the visitor's anti-forgery cookie, so this markup must not be served from a
      shared cache. *@
   @using (Html.BeginForm("Login", "Login", FormMethod.Post, new { id = 
       "frmLogin" }))
        {
            @Html.AntiForgeryToken()

            <div class="dialog">
        ....
        </div>
        }

Please suggest!
Thanks in advance.

1 个答案:

答案 0 :(得分:0)

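只需在 Web.config 中注释掉以下这一行即可。

<httpCookies httpOnlyCookies="true" requireSSL="true" />

需要说明的是:注释掉这一行会同时去掉所有 cookie 的 HttpOnly 和 Secure 标记,身份验证 cookie 和防伪 cookie 的保护也随之减弱。如果去掉后错误消失,通常说明登录页有时是通过 HTTP 而不是 HTTPS 访问的;更稳妥的做法是保留这一行,确保两台服务器都只通过 HTTPS 提供登录页,并且两台服务器上的 machineKey 配置完全一致。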