I am building an ASP.NET Core Blazor web app in .NET 9 with the PayPalServerSDK nuget package installed. The Javascript calls to the ApiController work just fine when run in Visual Studio 2022 using IIS Express. In fact, everything for PayPal works as it should, both in the sandbox and live, as long as it's on the local machine.
The problem arises when the project is deployed to a remote server. When I click on the PayPal button, I get an Internal Server Error 500 returned. I put tracking code in and I can tell that the code never reaches my ApiController, the error gets returned before that. The server logs show this. Apparently, I have some sort of antiforgery issue:
Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery[7]
An exception was thrown while deserializing the token.
Is there something in the program.cs file that I'm missing that causes this error?
var builder = WebApplication.CreateBuilder(args);
// Add services to the container.
builder.Services.AddRazorComponents()
.AddInteractiveServerComponents();
builder.Services.AddControllers();
builder.Services.AddCascadingAuthenticationState();
builder.Services.AddScoped<IdentityUserAccessor>();
builder.Services.AddScoped<IdentityRedirectManager>();
builder.Services.AddScoped<AuthenticationStateProvider, IdentityRevalidatingAuthenticationStateProvider>();
var connectionString = builder.Configuration.GetConnectionString("DefaultConnection") ?? throw new InvalidOperationException("Connection string 'DefaultConnection' not found.");
builder.Services.AddAuthentication(options =>
{
options.DefaultScheme = IdentityConstants.ApplicationScheme;
options.DefaultSignInScheme = IdentityConstants.ExternalScheme;
})
.AddIdentityCookies();
builder.Services.AddAuthorizationBuilder()
.SetFallbackPolicy(new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser()
.Build());
builder.Services.AddDbContext<ApplicationDbContext>(options => options.UseSqlServer(connectionString));
builder.Services.AddDatabaseDeveloperPageExceptionFilter();
builder.Services.AddIdentityCore<ApplicationUser>(options => options.SignIn.RequireConfirmedAccount = true)
.AddRoles<IdentityRole>()
.AddUserManager<UserManager<ApplicationUser>>()
.AddEntityFrameworkStores<ApplicationDbContext>()
.AddSignInManager()
.AddApiEndpoints()
.AddDefaultTokenProviders();
builder.Services.AddSingleton<IEmailSender<ApplicationUser>, IdentityNoOpEmailSender>();
builder.Services.AddDbContextFactory<PrimaryDbContext>();
builder.Services.AddDbContextFactory<LocalBackupDbContext>();
builder.Services.AddDbContextFactory<RemoteBackupDbContext>();
builder.Services.AddBlazoredLocalStorage();
builder.Services.AddSyncfusionBlazor();
builder.Services.AddSignalR(e => { e.MaximumReceiveMessageSize = 256 * 1024; });
builder.Services.AddBlazorise(options => { options.Immediate = true; });
builder.Services.AddBootstrap5Providers();
builder.Services.AddFontAwesomeIcons();
builder.Services.AddScoped<AppState>();
builder.Services.AddScoped<ClipboardService>();
builder.Services.AddSingleton<ICircuitUserService, CircuitUserService>();
builder.Services.AddScoped<CircuitHandler>((sp) => new CircuitHandlerService(sp.GetRequiredService<ICircuitUserService>()));
var app = builder.Build();
Syncfusion.Licensing.SyncfusionLicenseProvider.RegisterLicense("Ngo9BigBOggjHTQxAR8/V1NNaF5cXmBCf1FpRmJGdld5fUVHYVZUTXxaS00DNHVRdkdmWXxcdnVVRGFfU0FwWEZWYUA=");
// Configure the HTTP request pipeline.
if (app.Environment.IsDevelopment())
{
app.UseMigrationsEndPoint();
}
else
{
app.UseExceptionHandler("/Error", createScopeForErrors: true);
app.UseHsts();
}
app.UseHttpsRedirection();
app.UseAntiforgery();
app.MapStaticAssets();
app.MapIdentityApi<ApplicationUser>();
app.MapRazorComponents<App>()
.AddInteractiveServerRenderMode();
app.MapControllers();
app.MapAdditionalIdentityEndpoints();
app.Run();
Or is there something else I need to be looking at? I would appreciate all the help I can get. Thanks.
