Virtual Happy Hour this month, Jun 28, we'll be getting a sneak preview at our soon to launch SaaS CMS!

Try our conversational search powered by Generative AI!

File Compression in Azure Front Door breaks log in

Jon
Jon
Vote:
 

Hi -

We've recently enabled file compression settings in Azure Front Door. The resources I've checked (.css, .js) are compressed correctly but we also find that's it's no longer possible to log in. It's possible to navigate to the login page, and enter your credentials, but when you click 'Log In' our custom error page is shown with the following error logged (below). The .EPiServerLogin cookie is not created either.

ERROR EPiServer.Global - Unhandled exception in ASP.NET
System.Web.HttpUnhandledException (0x80004005): Exception of type 'System.Web.HttpUnhandledException' was thrown. ---> System.InvalidOperationException: This request has probably been tampered with. Close the browser and try again.
   at EPiServer.Framework.Web.AspNetAntiForgery.ThrowForgeryException()
   at EPiServer.Framework.Web.AspNetAntiForgery.ValidateField()
   at EPiServer.Web.PageExtensions.AntiForgeryValidation.PreInit(Object sender, EventArgs e)

Has anyone encountered a similar problem or able to suggest what might be causing the issue?

Thanks,

#252259
Mar 31, 2021 14:59
Vote:
 

Hi,

I think there are a few potential causes here. If the issue only occurred when you enabled content compression then I think the most likely cause might be caching as, in order to enable compression, you need to enable caching. If the login page is being cached, so will the anti-forgery token included within it which would cause the error you're getting on submission of the login form. If this is the issue, you'll need to prevent the login page (and probably several others) from being cached either by sending the appropriate cache-control headers or by setting up a different route in Azure Front Door which doesn't have caching/compression enabled.

#252373
Apr 01, 2021 11:00
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.