Failed to format passed in token value
System.Security.Cryptography.CryptographicException: Error occurred during a cryptographic operation.
at System.Web.Security.Cryptography.HomogenizingCryptoServiceWrapper.HomogenizeErrors(Func`2 func, Byte[] input)
at System.Web.Security.Cryptography.HomogenizingCryptoServiceWrapper.Unprotect(Byte[] protectedData)
at System.Web.Security.FormsAuthentication.Decrypt(String encryptedTicket)
at Umbraco.Core.StringExtensions.DecryptWithMachineKey(String value)
at Umbraco.Web.Mvc.AdminTokenAuthorizeAttribute.AuthorizeCore(HttpContextBase httpContext)
<scheduledTasks>
<!-- add tasks that should be called with an interval (seconds) -->
<task log="true" alias="MyDataImport" interval="600" url="http://www.mysite.co.uk/umbraco/api/scheduledimport/getlist?updateLimit=10" />
</scheduledTasks>
Could not validate XSRF token
System.Web.Mvc.HttpAntiForgeryException (0x80004005): The anti-forgery token could not be decrypted. If this application is hosted by a Web Farm or cluster, ensure that all machines are running the same version of ASP.NET Web Pages and that the <machineKey> configuration specifies explicit encryption and validation keys. AutoGenerate cannot be used in a cluster.
at System.Web.Helpers.AntiXsrf.AntiForgeryTokenSerializer.Deserialize(String serializedToken)
at System.Web.Helpers.AntiXsrf.AntiForgeryWorker.Validate(HttpContextBase httpContext, String cookieToken, String formToken)
at Umbraco.Web.WebApi.Filters.AngularAntiForgeryHelper.ValidateTokens(String cookieToken, String headerToken)
Azure System.Security.Cryptography.CryptographicException
Umb 7.3.7 (legacy site)
Have had this site on an Azure WebApp as a test site for a week or so with no issues. Setting it as a live site the logs get this error every minute:-
Googling suggests a Scheduled Task might be the culprit. There is one set up to run every 10 mins but it hasn't run in several hours, though it was running as a test site.
The Azure Web App is currently running as a free trial until its credit runs out and all URLs have been changed as necessary once the custom domain was applied.
Carried out a hard stop/start of the web app. Still getting the errors every minute.
Any advice would be appreciated.
Do you have a machine key set in your web.config?
It looks like it is the schedule publish task that hits the site every minute. If you have multiple instances, the master server and admin server can sometimes be different, and without a machine key in the web.config, the authentication between the servers will fail.
See https://our.umbraco.org/documentation/getting-started/setup/server-setup/load-balancing/ for more info on how to generate a machine key.
I have not tried it yet but these links seem to provide some useful info about the machine key issue :)
https://blogs.msdn.microsoft.com/ukadc/2012/01/31/deploying-umbraco-to-windows-azure/
https://stackoverflow.com/questions/3855666/adding-machinekey-to-web-config-on-web-farm-sites
Machine keys have been added to web.config (so app restarted) still getting the error.
I didn't have a machine key set as it's only a single instance web app. However, I just set one and it's still the same. Also getting the odd:
Which I guess is also encryption related. I think that's from Umbraco Forms :(
Could your test site or development site or another environment be pointing to the same database? If so, do those also have the same machine key? You can check the dbo.umbracoServer table in the database to see what active machines are using that database.
Is your Application Url set in the UmbracoSettings.config? Set a baseUrl attribute on your
Also if the application URL is set, and one of your non-prod instances has the same URL setting, again they could be the ones sending the requests.
Another idea would be to enable HTTP logging in your Azure instance and figure out where the request is coming from via the IP of the request.
Hi Kevin,
Thanks for this.
The site was taken over from an agency. The dbo.umbracoServer table shows 8 entries, some of which will be their production and test machines. Only 1 is showing as active though so I guess their machines aren't causing the problem? Will try setting the baseUrl.
Setting a baseUrl and restarting hasn't fixed the issue.
I'm pretty sure the error is being caused by the site in the web app as the Scheduled Task hasn't run since we added the domain name to the web app, about 28 hrs ago. The task should run every 10 mins. We have a full log file of encryption errors instead.
If you remove the entry from the table, it will just get added back - I don't think there's any way to block a server from becoming the master.
You can, however, temporarily move the master machine by updating the isMaster flag (set original one to 0, and the new one to 1), but eventually it will get changed again. But this should temporarily fix the issue.
Their production/test machines also need the same machine key and other configs (baseUrl, scheduled tasks). The 'master' server is the one doing the http requests for the schedule tasks, so it needs the same machine key as the destination.
That's not the issue then as the correct machine IS the master according to the DB.
https://our.umbraco.org/Documentation/Reference/Config/umbracoSettings/ states that the baseUrl is obsolete as of 7.2.7. So have added the umbracoApplicationUrl value and touched web.config to restart app pool. Still getting same errors. Still losing hair ;)
Did you ever check the http logs to check where those invalid requests were coming from (and your server is seeing the schedule tasks request)?
If you're sure that the production server is the master, is sending/receiving the schedule tasks' http requests, and there is a valid machine key in the web.config, then I'm out of ideas.
Hey Kevin,
Looked at the web logs as you suggested. Found the calls were from an external IP address belonging to a UK ISP. Have now blocked it in web.config using:
Thanks for your help.
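The log check that resolved this thread (enable HTTP logging, then identify the caller by IP), sketched as an added example that is not part of the original posts. It assumes W3C extended logs with a `#Fields:` header; the sample lines are constructed, the IPs are documentation ranges, and the ScheduledPublish path and 401 status are assumptions rather than values from the thread.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample in W3C extended format. IPs are documentation ranges and
# the ScheduledPublish path and 401 status are assumptions, not from the thread.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem c-ip sc-status
2018-03-01 10:00:02 POST /umbraco/RestServices/ScheduledPublish/Index 203.0.113.7 401
2018-03-01 10:00:10 GET / 192.0.2.44 200
2018-03-01 10:00:45 GET / 192.0.2.44 200
2018-03-01 10:01:02 POST /umbraco/RestServices/ScheduledPublish/Index 203.0.113.7 401
2018-03-01 10:02:03 POST /umbraco/RestServices/ScheduledPublish/Index 203.0.113.7 401
2018-03-01 10:03:02 POST /umbraco/RestServices/ScheduledPublish/Index 203.0.113.7 401
2018-03-01 10:03:30 GET / 192.0.2.44 200
2018-03-01 10:04:05 GET / 192.0.2.44 200
"""

def parse_w3c(text):
    """Yield one dict per request, taking column names from the #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed lines
                yield dict(zip(fields, values))

def periodic_callers(text, min_hits=4, max_jitter=5.0):
    """Return (ip, path, median_gap_s, hits, failures) for fixed-interval callers."""
    seen = defaultdict(list)
    for row in parse_w3c(text):
        ts = datetime.strptime(f"{row['date']} {row['time']}", "%Y-%m-%d %H:%M:%S")
        seen[(row["c-ip"], row["cs-uri-stem"].lower())].append((ts, int(row["sc-status"])))
    findings = []
    for (ip, path), hits in seen.items():
        if len(hits) < min_hits:
            continue
        hits.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(hits, hits[1:])]
        mid = median(gaps)
        if all(abs(gap - mid) <= max_jitter for gap in gaps):  # steady timer, not a browser
            failures = sum(1 for _, status in hits if status >= 400)
            findings.append((ip, path, mid, len(hits), failures))
    return sorted(findings, key=lambda f: f[2])

if __name__ == "__main__":
    print(periodic_callers(SAMPLE_LOG))
```

A caller whose median gap matches the interval of the logged errors, and whose IP is not one of your own servers, is the one to compare against the dbo.umbracoServer entries.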