Web Farm和一个ADFS，它会起作用吗？ [英] Web Farm and one ADFS, will it work ?

问题描述

假设我的网站配置为从一台ADFS服务器获取身份验证和声明，现在我构建了一个服务器场，我部署了此网站的副本，所以所有现在指向相同的ADFS，然后我在它们前面添加NLB以进行负载平衡。现在假设用户访问站点并且其中一个服务器为其提供服务，它将转到ADFS进行身份验证并声称返回此服务器，现在如果用户请求另一个由diff Web服务器提供服务的页面，该服务器将如何获取索赔??

我的理解是浏览器会有auth cookie，它会告诉用户验证正常，但索赔会在哪里停留？在饼干？

解决方案

ADFS将存储一个目标在 ADFS 服务器上的cookie，而不是您的应用程序。 如果您希望每次请求到达您的应用程序时阻止最终用户重定向（到ADFS），您的应用程序将必须实施cookie'方案。 该应用程序是否使用WIF？ 如果是这样，那里有广泛的支持。

由于您询问了农场（我认为您的申请），我会注意到，如果您希望使用某些加密材料保护应用程序cookie，需要在两台机器上共享该材料（或使用粘性会话等机制）。 

最佳，

科林。

Hi,

Let's say if I have web site which is configured to take authentication and claims from one ADFS server, now I build a server farm where I deploy copy of this web site, so all are pointing to same ADFS now, then I add NLB in front of them for load balancing. Now take case where user hits the site and one of the servers serve it, it goes to ADFS for auth and claims come back to this server, now if user requests another page which is served by diff web server, how will that server get the claims ??

My understanding is that the browser will have the auth cookie, which will tell that user is authenticated alright, but where would the claims stay ? in the cookie ?

解决方案

ADFS will store a cookie targetted at the ADFS server, not your application.  If you wish to prevent the end-user getting re-directed (to ADFS) everytime a request hits your application, your application will have to implement a cookie'ing scheme.  Is the application using WIF?  If so, there is extensive support in there.

Since you asked about farms (for your application, I assume), I'll note that if you wish to protect the application cookie with some cryptographic material, that material will need to be shared across the two machines (or a mechanism like sticky sessions is employed). 

Best,

Colin.

这篇关于Web Farm和一个ADFS，它会起作用吗？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！