WFFM exception The anti-forgery token could not be decrypted

Pranay
May 16, 2020  ยท  7237 views

If you have encountered the error 'WARN Web Forms for Marketers: an exception The anti-forgery token could not be decrypted...' while submitting a WFFM form in Sitecore, then this could be the root cause and solution.

Error: WARN Web Forms for Marketers: an exception 'The anti-forgery token could not be decrypted. If this application is hosted by a Web Farm or cluster, ensure that all machines are running the same version of ASP.NET Web Pages and that the configuration specifies explicit encryption and validation keys. AutoGenerate cannot be used in a cluster.' has occured while trying to execute an action ''.

Saw this error in logs when one of the WFFM form is being submitted. Also, the form used to fail and show a technical difficulty error. We had a custom SaveAction but there was no exceptions logged even though there is a exception handling in place. Also this error was sporadic in and not specific to any network or timing. It was only in production environment and couldn't reproduce in any of the test environments.

After some research found that this is caused by the absense of machine in web.config file. As we have multiple CD servers, we need the machine key to be generated manually and same keys should be configured in web.config file of all the web farm servers. The machine keys are required in web farm servers as it is not sure which server will handle the subsequent requests. Of course the keys should be same on all the web farm servers.

Generate Machine keys

  1. Go to the IIS and select your website on the left.

  2. Double click on the Machine Key option

  3. Then you will see different options to generate the Machine Keys. Select the necessary options and click on Generate Keys on the right.

Machine key step 1

Machine key 3 Machine key 2

Machine Keys

Copy the same keys into the web.config file of all the servers under the <system.web> tag.

<system.web>
    <machineKey validationKey="21F090935F6E49C2C797F69BBAAD8402ABD2EE0B667A8B44EA7DD4374267A75D7AD972A119482D15A4127461DB1DC347C1A63AE5F1CCFAACFF1B72A7F0A281B" 
        decryptionKey="ABAA84D7EC4BB56D75D217CECFFB9628809BDB8BF91CFCD64568A145BE59719F" 
        validation="SHA1"
        decryption="AES"
    />
</system.web>

Hope it helps. Please comment your thoughts.

AUTHOR

Pranay

A Software Engineer by profession, a part time blogger and an enthusiast programmer. You can find more about me here.


Post a comment




Thank you! You are now subscribed.

Sign up for our newsletter

Subscribe to receive updates on our latest posts.

Thank you! You are now subscribed.