Using Antiforgery in ASP.NET Core and got error - the antiforgery token could not be decrypted

I've had exactly that error on a ASP .net core app hosted on a linux container.

From the docs it would seem if you don't meet certain criteria the keys are only persisted in the process - but that even for me was not working.

First the error occurred with the default setup.
I then added specific configuration for the keys on the filesystem:

            services.AddDataProtection()                .PersistKeysToFileSystem(new System.IO.DirectoryInfo(@"/var/my-af-keys/"));

This also didn't fix the issue I had to set an application name:

            services.AddDataProtection()                .SetApplicationName("fow-customer-portal")                .PersistKeysToFileSystem(new System.IO.DirectoryInfo(@"/var/dpkeys/"));

I haven't confirmed but its possible nature of the LXC hosting means .net core cannot persist the identity of the app.

I've had this because I started using the application on a localhost port and then was trying to use it in docker with the same port. By then I had cookies that specified the key generated by my machine, so It wouldn't work on docker.

TL;DR clear your cookies if you ever used that domain/port from other machines.

What worked for me was using a new user account instead of NETWORK SERVICE as the error message included this:

System.UnauthorizedAccessException: Access to the path 'C:\Windows\system32\config\systemprofile' is denied.