Second of my three part series about configuring webfarm for web application will cover setting up configuring forms authentication in order for users to stay logged in while the server is served from any of web farm servers.
When the network load balance affinity has been changed to ‘none’ users of my application could get any of the web pages from any of web farm web servers.
Immediately I’ve noticed an issue with authentication.
When user logged in to Web server A and the next Web page has been served from Web server B – user has been redirected to the log in page. I need to notice here that I use Forms Authentication.
This is because the authentication ticket has been encrypted and decrypted on web servers using different encryption and decryption keys.
To resolve this you have to follow instructions from this link:
http://technet.microsoft.com/en-us/library/cc772287%28WS.10%29.aspx
1. Open IIS Manager and navigate to the level you want to manage. For information about opening IIS Manager, see Open IIS Manager (IIS 7). For information about navigating to locations in the UI, see Navigation in IIS Manager (IIS 7).
2. In Features View, right-click Machine Key, and then click Open Feature.
3. On the Machine Key page, select an encryption method from the Encryption method drop-down list. The default encryption method is SHA1.
4. Choose a decryption method from the Decryption method drop-down list. The default decryption method is Auto.
5. Optionally, configure settings for validation and decryption keys.
6. In the Actions pane, click Generate Keys, and then click Apply.
In the picture you can see the screen shot of example machine key configuration.
This configuration generates following entry in your web.config file:
<machineKey decryption="Auto" decryptionKey="B73B88BE243A7E931F9BBA991E62DD0E2B7E172AE47A6F8D"
validation="SHA1" validationKey="B0FFEFC743869AB4AF1ED142AAE2890187FE035EA734F76FEC8B21FFA05F6AC7894828F0190D53D6A5737BC1D3C19FA8A648DBEB395332D6DA13AB2E71E779E3" />
All you have to do is now to include this entry in <system.web> section in your web.config files on both Web servers.
Brak komentarzy:
Prześlij komentarz