WFFM exception The anti-forgery token could not be decrypted
If you have encountered the error 'WARN Web Forms for Marketers: an exception The anti-forgery token could not be decrypted...' while submitting a WFFM form in Sitecore, then this could be the root cause and solution.
Error: WARN Web Forms for Marketers: an exception 'The anti-forgery token could not be decrypted. If this application is hosted by a Web Farm or cluster, ensure that all machines are running the same version of ASP.NET Web Pages and that the
Saw this error in logs when one of the WFFM form is being submitted. Also, the form used to fail and show a technical difficulty error. We had a custom SaveAction but there was no exceptions logged even though there is a exception handling in place. Also this error was sporadic in and not specific to any network or timing. It was only in production environment and couldn't reproduce in any of the test environments.
After some research found that this is caused by the absense of machine in web.config file. As we have multiple CD servers, we need the machine key to be generated manually and same keys should be configured in web.config file of all the web farm servers. The machine keys are required in web farm servers as it is not sure which server will handle the subsequent requests. Of course the keys should be same on all the web farm servers.
Generate Machine keys
Go to the IIS and select your website on the left.
Double click on the Machine Key option
- Then you will see different options to generate the Machine Keys. Select the necessary options and click on Generate Keys on the right.
Copy the same keys into the web.config file of all the servers under the
<system.web> <machineKey validationKey="21F090935F6E49C2C797F69BBAAD8402ABD2EE0B667A8B44EA7DD4374267A75D7AD972A119482D15A4127461DB1DC347C1A63AE5F1CCFAACFF1B72A7F0A281B" decryptionKey="ABAA84D7EC4BB56D75D217CECFFB9628809BDB8BF91CFCD64568A145BE59719F" validation="SHA1" decryption="AES" /> </system.web>
Hope it helps. Please comment your thoughts.