Vulnerability in EPiServer.Forms
I have two sites set up. I click on the second site in the admin, selected a page, and I get redirected to a login page for that host. I'm not sure I should be getting that login, but I then login, andI get the following. Any ideas?
This request has probably been tampered with. Close the browser and try again.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. Exception Details: System.InvalidOperationException: This request has probably been tampered with. Close the browser and try again.Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
[InvalidOperationException: This request has probably been tampered with. Close the browser and try again.] EPiServer.Framework.Web.AspNetAntiForgery.ThrowForgeryException() +159 EPiServer.Framework.Web.AspNetAntiForgery.ValidateField() +75 EPiServer.Web.PageExtensions.AntiForgeryValidation.PreInit(Object sender, EventArgs e) +62 System.Web.UI.Page.OnPreInit(EventArgs e) +9864246 EPiServer.UI.Util.Login.OnPreInit(EventArgs e) +12 System.Web.UI.Page.PerformPreInit() +38 System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +302
Some questions for you:
Is there a load balancer involved in this setup of these two sites, or is this like two sites setup on the same box with two entries in IIS?
Are these two sites are pointing to the same database?
What version are you currently using or Episerver?