We published an application update to the same Azure web app service and started getting errors:
Exception: System.Web.Mvc.HttpAntiForgeryException (0x80004005): The anti-forgery token could not be decrypted. If this application is hosted by a Web Farm or cluster, ensure that all machines are running the same version of ASP.NET Web Pages and that the configuration specifies explicit encryption and validation keys. AutoGenerate cannot be used in a cluster.
This happens to clients using a login page within the app. These are the response headers:
HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 5585
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-AspNetMvc-Version: 5.2
X-Frame-Options: SAMEORIGIN
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Wed, 30 Jan 2019 14:23:33 GMT
The client has to either close the browser and reopen or clear the browser's cookies to fix the problem.
The web app was running 3 app service instances before and after the upgrade. ARR Affinity is on.
Why is this happening and how do I fix it?
