Data protection in ASP.NET Core 2.1 only works on one machine

I had a similar issue, however it was between two different ASP.NET Core applications that were trying to share the same cookie. A minor version mismatch in Microsoft.AspNetCore.Authentication.Cookies (2.1.2 vs 2.2.0) was causing one of the applications to not be able to find the keys created by the other version.

Adding this answer here (even though it doesn't answer the above question), as the error messages match exactly, and hopefully it saves someone a few hours.


Thanks to Joe Audette's suggestion, I checked out the detailed logging and found a more specific error, which pointed me to this answer, which had the solution.

The problem was that the permissions for the certificate in the Windows certificate store did not have the IIS_IUSRS group set to allow read access (Right click certificate → All Tasks → Manage Private Keys…). This issue didn't appear on the development machine because there it was running under Visual Studio's user context instead.
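
The private-key permission check from the answer above, scripted in PowerShell as an added example (it is not part of the original answers). It assumes the certificate is in `Cert:\LocalMachine\My` and has an RSA key; the parameter names and the `-Grant` switch are this example's own, and the thumbprint is whatever your own certificate uses.

```powershell
# Added example: report whether a group can read a certificate's private key,
# and optionally grant read access. Run from an elevated PowerShell prompt.
param(
    [Parameter(Mandatory)] [string] $Thumbprint,  # thumbprint of your certificate
    [string] $Identity = 'IIS_IUSRS',             # group named in the answer above
    [switch] $Grant                               # hypothetical switch: add the ACL entry
)

# Assumption: the certificate lives in the machine's Personal store.
$cert = Get-Item -Path "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop
if (-not $cert.HasPrivateKey) { throw "Certificate $Thumbprint has no private key." }

# Resolve the on-disk key container name for either a CNG or a legacy CSP key.
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
if ($rsa -is [System.Security.Cryptography.RSACng]) {
    $keyName = $rsa.Key.UniqueName
} elseif ($rsa -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
    $keyName = $rsa.CspKeyContainerInfo.UniqueKeyContainerName
} else {
    throw "No RSA private key could be opened for $Thumbprint."
}

# Machine keys are stored in one of these two directories depending on the provider.
$keyFile = "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys",
           "$env:ProgramData\Microsoft\Crypto\Keys" |
    ForEach-Object { Join-Path $_ $keyName } |
    Where-Object { Test-Path $_ } |
    Select-Object -First 1
if (-not $keyFile) { throw "Private key file '$keyName' not found." }

# Look for an Allow entry that includes Read for the target group.
$read = [System.Security.AccessControl.FileSystemRights]::Read
$acl  = Get-Acl -Path $keyFile
$hasRead = $acl.Access | Where-Object {
    $_.IdentityReference.Value -like "*\$Identity" -and
    $_.AccessControlType -eq 'Allow' -and
    ($_.FileSystemRights -band $read) -eq $read
}

if ($hasRead) {
    Write-Output "$Identity already has read access to $keyFile"
} elseif ($Grant) {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($Identity, $read, 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -Path $keyFile -AclObject $acl
    Write-Output "Granted read access on $keyFile to $Identity"
} else {
    Write-Warning "$Identity cannot read $keyFile; re-run with -Grant to add read access."
}
```

Grant read only, as the answer describes; the application pool identity needs to read the key, not to modify or delete it.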