Error .Net 5 loses HttpContext

Hello,

For a while now we are experiencing an error with the HttpContext in our platform. To be more exact the HttpContext information is being lost.
Our platform uses IIS, Docker Desktop and .Net (5, 6 and 7) on a Windows Server 2022 standard.

We initially had several Docker containers running in Docker Desktop (.Net 7 APIs), but due to several issues with Docker Desktop, we decided to move most of them to IIS, leaving only one Redis container inside Docker (we use Redis to store info about permissions in our platform, but not to persist cookies).

When publishing and deploying the platform to the test server, where there is another environment with all the microservices still inside Docker, we started having problems with the application HttpContext (after some time running, the HttpContext is lost).

We have an Authentication Filter where we check the content of the HttpContext object. If the HttpContext is null we raise an error that makes the IIS AppPool of the main MVC site (where the Filter code is placed) stop.

Looking at the registry errors we just find this (not sure about the relationship with the issue):

16:35:30.284 +02:00 [Warning] [Microsoft.AspNetCore.Session.SessionMiddleware] Error unprotecting the session cookie.
System.Security.Cryptography.CryptographicException: The key {bc1e3537-e07d-4056-993f-89f14e7315b3} was not found in the key ring.

  • at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.UnprotectCore(Byte protectedData, Boolean allowOperationsOnRevokedKeys, UnprotectStatus& status)*
  • at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.DangerousUnprotect(Byte protectedData, Boolean ignoreRevocationErrors, Boolean& requiresMigration, Boolean& wasRevoked)*
  • at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.Unprotect(Byte protectedData)*
  • at Microsoft.AspNetCore.Session.CookieProtection.Unprotect(IDataProtector protector, String protectedText, ILogger logger)*

We don’t have any specific configuration for Microsoft.AspNetCore.DataProtection in our code.

To avoid this we have tried several solutions found on different forums without success. We’ve even tried deleting the keys from C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys, but this just causes the other environment (the one with the microservices still running inside Docker) to fail.

We can quickly reproduce the error by initializing our platform with the same user in two different browsers.

We just configure session by doing this:

services.AddSession(opts =>
{
    opts.Cookie.IsEssential = true; 
    opts.Cookie.HttpOnly = true;                
    opts.IdleTimeout = TimeSpan.FromMinutes(30); 
    opts.IOTimeout = TimeSpan.FromMinutes(30); 
});

Any idea about what is happening and how to solve it?

Thanks a lot in advance.