Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to configure dotNetOpenId in an session less load balancing environment

You've probably solved this before.

I need to be able to use open id in an environment that does not have session stickiness. The servers do preserve the headers.

I'm using ASP.NET MVC and dotNetOpenId version 3.2.0.9177. Although the authentication on the 3rd party web site goes without a hitch when returning the response I get an error and authentication fails.

Any thoughts?

like image 474
Mihai Lazar Avatar asked Sep 04 '09 13:09

Mihai Lazar


2 Answers

Stateful

The most optimized method is to write a custom persistence store that implements IRelyingPartyApplicationStore for the "secrets" that OpenID RPs require, and pass your instance to the OpenIdRelyingParty(IRelyingPartyApplicationStore) constructor, or register it in your web.config file.

Stateless

A much easier solution that will suffice for most scenarios is to use stateless mode instead, so that no state needs to be shared across your web farm's servers.

You can activate stateless mode by instantiating OpenIdRelyingParty passing null in as your application store instance. Calling the default constructor will cause DNOA to use its in-memory store, which breaks on server farms, so the default constructor is insufficient.

Or if you're using the ASP.NET controls, just set Stateless = true on the control.

like image 186
Andrew Arnott Avatar answered Nov 07 '22 22:11

Andrew Arnott


Here's how we're enabling stateless mode:

var uri = new Uri(Request.Url, Request.RawUrl);
var openid = new OpenIdRelyingParty(null, uri, 
             Request.HttpMethod == "GET" ? Request.QueryString : Request.Form);

Seems to work so far, though per Andrew there's a small performance hit. Not sure that matters since login is a fairly rare activity.

like image 44
Jeff Atwood Avatar answered Nov 07 '22 21:11

Jeff Atwood