-
Title
Error: “System.Web.Mvc.HttpAntiForgeryException (0x80004005): The anti-forgery cookie token and form field token do not match.” -
Description
While navigating the PMUser site you may get a “System error occurred. For more information, view the event log.” error. And the following a number of those entries can be found in the event log:
Result: CriticalError
Info:
System.Web.Mvc.HttpAntiForgeryException (0x80004005): The anti-forgery cookie token and form field token do not match.
at System.Web.Helpers.AntiXsrf.TokenValidator.ValidateTokens(HttpContextBase httpContext, IIdentity identity, AntiForgeryToken sessionToken, AntiForgeryToken fieldToken)
at System.Web.Helpers.AntiXsrf.AntiForgeryWorker.Validate(HttpContextBase httpContext)
at System.Web.Mvc.ControllerActionInvoker.InvokeAuthorizationFilters(ControllerContext controllerContext, IList`1 filters, ActionDescriptor actionDescriptor)
at System.Web.Mvc.Async.AsyncControllerActionInvoker.b__1e(AsyncCallback asyncCallback, Object asyncState)
-
Cause
This is likely related to a load-balancing solution (i.e. F5). Requests are being sent from the same session to a different Password Manager server and therefore causing the error.
-
Resolution
SOLUTION
Resolution 1
Enable some form of sticky session persistence to make sure that requests from the same IP or from the same user is handled by the same Password Manager server until the session is completed.
Check the documentation that comes with your load balancer for details on how to configure session persistence.
Resolution 2
Generate Machine Keys:
The machine keys should be placed inside the section of the web.config file as suggested Microsoft.https://msdn.microsoft.com/en-us/library/w8h3skw9%28v=vs.85%29.aspx?f=255&MSPPError=-2147217396