ASP.NET Core ID - Invalid Token (Linux)

I am using the latest .NET Core (1.1) and EF Core to build my ASP.NET website, and I am also using ASP.NET Identity. I have already published my site to an Azure host and everything is working as expected there (including my local Windows host). However, I am now migrating to my own Linux (CentOS 7) dedicated server with Apache. The site is working for me, but I am getting "Invalid token" messages when I try to reset a password or confirm an email.

I checked other questions like this and the solution was to encode / decode the URL that is sent by email; however, I did that already and it doesn't work.

I also tried copying the entire database from localhost to my server in case something was wrong with migrations on the Linux host, but that also didn't help. All migrations apply and other things that don't use the Identity context also work.

After some more searching, I found that it might be a problem with different machine keys on the host and that the security label is out of sync, but I don't see how this might affect me, as I deploy a completely new version of my application to the server, and everything works on localhost and also on Azure hosting. Also, it was a problem with ASP.NET MVC, not Core.

How can I debug this problem? I haven't seen anyone have this problem with the new EF Core and especially not on a Linux host.

I am deploying a site using the latest version of VS 17. I have configured Apache proxy to target on the official .NET Core website:

+3




1 answer


A .NET Core MVC application, by default, stores your authentication tokens encrypted in a cookie.

The secret / key for encrypting / decrypting this data is based on your machine key, which is different on each computer.

If you run multiple instances of your application (load balancing), this message / error will occur when your system tries to decrypt a session cookie created on another computer.

On the other hand, if you still have cookie information in your browser and you start hosting the website on a different host, that new host will not be able to decrypt those pre-existing session cookies.



I know this because I have the same problem. You can find the source code for the session here: https://github.com/aspnet/Session/tree/dev/src/Microsoft.AspNetCore.Session

I tried this when dotnet core was not released yet and I ended up using this blog. But it is probably very outdated now.

I would advise you to use external session storage instead of using a cookie as your data storage. Read their documentation on how to install this: https://docs.microsoft.com/en-us/aspnet/core/fundamentals/app-state

0
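
The per-machine key behaviour described in the answer can be reproduced with the ASP.NET Core Data Protection API, which the default Identity token provider also uses for password-reset and email-confirmation tokens. This is an added example, not code from the question or the answer; the directory names, the application name "DemoSite" and the purpose string are assumptions chosen for illustration.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using Microsoft.AspNetCore.DataProtection;

public static class KeyRingDemo
{
    const string Purpose = "ResetPassword";   // hypothetical purpose string

    // Builds a provider the way one host would: its key ring lives in keyDir.
    static IDataProtectionProvider Host(string keyDir)
    {
        Directory.CreateDirectory(keyDir);
        return DataProtectionProvider.Create(
            new DirectoryInfo(keyDir),
            // The application name is part of key isolation; keep it identical on every host.
            builder => builder.SetApplicationName("DemoSite"));
    }

    // Returns true when this host's key ring can decrypt the token.
    static bool CanRead(IDataProtectionProvider host, string token)
    {
        try
        {
            host.CreateProtector(Purpose).Unprotect(token);
            return true;
        }
        catch (CryptographicException)
        {
            return false;   // the failure a user sees as "Invalid token"
        }
    }

    public static void Main()
    {
        // Constructed sample layout under the temp directory.
        string root = Path.Combine(Path.GetTempPath(), "dp-demo-" + Guid.NewGuid().ToString("N"));

        // Case 1: token issued on host A, validated on host B with its own key ring.
        string issued = Host(Path.Combine(root, "hostA")).CreateProtector(Purpose).Protect("user-42");
        Console.WriteLine("separate key rings: " + CanRead(Host(Path.Combine(root, "hostB")), issued));

        // Case 2: issuer and validator (or the same host after a restart) share one persisted ring.
        string shared = Path.Combine(root, "shared");
        string issued2 = Host(shared).CreateProtector(Purpose).Protect("user-42");
        Console.WriteLine("shared key ring:    " + CanRead(Host(shared), issued2));
    }
}
```

In a web application the same setup is done in ConfigureServices with services.AddDataProtection().PersistKeysToFileSystem(...).SetApplicationName(...). On Linux the persisted key files are not encrypted at rest unless a ProtectKeysWith* option is configured, so the key directory should be readable only by the account that runs the site.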

