Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

ASP.NET Forms Authentication on Load Balanced Servers

Are there any possible issues with using the default Forms Authentication (see below) on Load Balanced servers? If there can be, what can I do to prevent the issues.

<authentication mode="Forms">
    <forms loginUrl="~/Login/" protection="All" timeout="30" />
</authentication>

Can I use cookies (used by default)? Do I have to go cookieless? etc...

Also, does Microsoft (or VMWare) have a VirtualPC download that is an instant Load Balanced testing environment?

like image 975
RichC Avatar asked Nov 10 '09 19:11

RichC


1 Answers

There is one issue. The cookies are encrypted and validated using the machine key and the validation key (that's what protection="All" means). You will have to set those in your top-level web.config in all the servers, otherwise each of them will have a different one and will reject cookies set by the others.

You can find a machineKey generator here. Then put the generated xml inside in the web.config of all the servers and you're ready to rock.

like image 99
Gonzalo Avatar answered Oct 21 '22 23:10

Gonzalo