For a while now we are experiencing an error with the HttpContext
in our platform. To be more exact the HttpContext
information is being lost.
Our platform uses IIS, Docker Desktop and .Net (5, 6 and 7) on a Windows Server 2022 standard.
We initially had several Docker containers running in Docker Desktop (ASP.NET Core 7 Web API), but due to several issues with Docker Desktop, we decided to move most of them to IIS, leaving only one Redis container inside Docker (we use Redis to store info about permissions in our platform, but not to persist cookies).
When publishing and deploying the platform to the test server, where there is another environment with all the microservices still inside Docker, we started having problems with the application HttpContext
(after some time running, the HttpContext
is lost).
We have an Authentication Filter where we check the content of the HttpContext
object. If the HttpContext
is null we raise an error that makes the IIS AppPool of the main MVC site (where the Filter code is placed) stop.
Looking at the registry errors we just find this (not sure about the relationship with the issue):
16:35:30.284 +02:00 [Warning] [Microsoft.AspNetCore.Session.SessionMiddleware] Error unprotecting the session cookie.
System.Security.Cryptography.CryptographicException: The key {bc1e3537-e07d-4056-993f-89f14e7315b3} was not found in the key ring.
at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.UnprotectCore(Byte[] protectedData, Boolean allowOperationsOnRevokedKeys, UnprotectStatus& status)
at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.DangerousUnprotect(Byte[] protectedData, Boolean ignoreRevocationErrors, Boolean& requiresMigration, Boolean& wasRevoked)
at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.Unprotect(Byte[] protectedData)
at Microsoft.AspNetCore.Session.CookieProtection.Unprotect(IDataProtector protector, String protectedText, ILogger logger)*
We don’t have any specific configuration for Microsoft.AspNetCore.DataProtection
in our code.
To avoid this we have tried several solutions found on different forums without success. We’ve even tried deleting the keys from C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys
, but this just causes the other environment (the one with the microservices still running inside Docker) to fail.
We can quickly reproduce the error by initializing our platform with the same user in two different browsers.
We just configure session by doing this:
services.AddSession(opts =>
{
opts.Cookie.IsEssential = true;
opts.Cookie.HttpOnly = true;
opts.IdleTimeout = TimeSpan.FromMinutes(30);
opts.IOTimeout = TimeSpan.FromMinutes(30);
});
Any idea about what is happening and how to solve it?
Thanks a lot in advance.
user25147906 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.