 

Authentication with a Web farm

Given the idea of a web application (.NET 3.5+)

  • Browser
  • web app

The authentication using forms will result in a similar line of code:

FormsAuthentication.SetAuthCookie(strUsrNm, True)

This is fine in a non-load-balanced server instance. How does authentication work in a load-balanced situation (no sticky session/affinity), and you cannot store the client IP, user's password or login in the browser?

  • Browser
  • Load balancer
  • Web app (on server 1) || Web app (on server 2)

Limitations: no database sessions, no AD server (for example: cater for external users)

In short - in a load-balanced situation, how does the application know who the user is if they authenticated against the other server, without re-authenticating?

Thanks

dbones asked Feb 24 '11 12:02




1 Answer

If you use cookies, all the servers will know about the authenticated user because the authentication ticket is stored in a cookie. Any server will receive this cookie and will be able to decrypt the ticket and authenticate the user.

Here you have more details about how forms authentication works.

Also you have to be sure that all servers on the farm share the machine key used to encrypt and decrypt.

If you deploy your application in a Web farm, you must ensure that the configuration files on each server share the same value for validationKey and decryptionKey, which are used for hashing and decryption respectively. This is required because you cannot guarantee which server will handle successive requests.

With manually generated key values, the settings should be similar to the following example.

<machineKey
  validationKey="21F090935F6E49C2C797F69BBAAD8402ABD2EE0B667A8B44EA7DD4374267A75D7AD972A119482D15A4127461DB1DC347C1A63AE5F1CCFAACFF1B72A7F0A281B"
  decryptionKey="ABAA84D7EC4BB56D75D217CECFFB9628809BDB8BF91CFCD64568A145BE59719F"
  validation="SHA1"
  decryption="AES" />

Here more details

Claudio Redi answered Sep 27 '22 19:09
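
A farm-wide consistency check for the machineKey settings discussed in the answer above, as an added example that is not part of the original answer or of ASP.NET itself. The node names and key values are constructed placeholders, and the script assumes each web.config it is given is the effective one (nothing inherited from machine.config or a parent application).

```python
import hashlib
import xml.etree.ElementTree as ET

ATTRS = ("validationKey", "decryptionKey", "validation", "decryption")

def read_machine_key(web_config_xml):
    """Return the <machineKey> attributes of one web.config, or None if absent."""
    node = next(ET.fromstring(web_config_xml).iter("machineKey"), None)
    return None if node is None else {a: node.get(a) for a in ATTRS}

def fingerprint(value):
    """Short hash so reports can compare key material without printing it."""
    return hashlib.sha256((value or "").encode()).hexdigest()[:12]

def audit_farm(configs):
    """configs maps node name -> web.config text; returns a list of findings."""
    findings, explicit = [], {}
    for name in sorted(configs):
        mk = read_machine_key(configs[name])
        if mk is None:
            findings.append(f"{name}: no <machineKey>, keys are auto-generated per server")
            continue
        explicit[name] = mk
        for attr in ("validationKey", "decryptionKey"):
            # A missing key attribute falls back to the AutoGenerate default.
            if "AutoGenerate" in (mk[attr] or "AutoGenerate"):
                findings.append(f"{name}: {attr} is AutoGenerate, not shared with other nodes")
    for attr in ATTRS:
        groups = {}
        for name, mk in explicit.items():
            groups.setdefault(fingerprint(mk[attr]), []).append(name)
        if len(groups) > 1:
            split = " vs ".join(",".join(nodes) for nodes in groups.values())
            findings.append(f"{attr} differs across the farm: {split}")
    return findings

# Constructed sample configs; the key values are placeholders, not real keys.
TEMPLATE = ('<configuration><system.web><machineKey validationKey="{v}" '
            'decryptionKey="{d}" validation="SHA1" decryption="AES" />'
            '</system.web></configuration>')
SAMPLE_FARM = {
    "web1": TEMPLATE.format(v="AA" * 64, d="BB" * 32),
    "web2": TEMPLATE.format(v="AA" * 64, d="CC" * 32),   # decryptionKey drifted
    "web3": "<configuration><system.web /></configuration>",
}

if __name__ == "__main__":
    for line in audit_farm(SAMPLE_FARM):
        print(line)
```

An empty result means every node can validate and decrypt a ticket issued by any other node; any finding means a user authenticated on one server may be treated as anonymous on another.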