ASP MVC 3:身份验证有时在生产中丢失 [英] ASP MVC 3: Authentication lost sometimes in production

问题描述

我正在使用使用标准表单身份验证的MVC 3开发Web应用程序.它托管在共享主机上.问题在于有时用户身份验证状态会丢失.我一点也不例外.你有什么线索是什么原因吗?

I am developing a web app using MVC 3 that is using standard form authentication. It is hosted on a shared hosting. The problem is that sometimes the user authentication state is lost. I get no exception at all. Do you have any clue what can be the cause?

身份验证与会话有关吗?我根本没有使用Session对象.我给人的印象是，使用cookie进行身份验证可以在负载平衡的环境中工作.我错了吗?

Does authentication has anything to do with session? I am not using Session object at all. I was of the impression that Authentication using cookie can work in a load balanced environment. Am I wrong?

会话在20分钟的时间段之前丢失.

The session is lost before the 20 minutes timespan.

推荐答案

在这里，我想到了几件事:

A couple of things come to mind here:

1. 丢失的身份验证是否有任何模式?意思是，它总是在20分钟之后还是看似随机?

1. Is there any pattern to the lost authentications? Meaning, is it always after 20 minutes or is it really seemingly random?

由于您位于共享主机上，因此您是否在web.config中明确设置了机器密钥?如果您不这样做，并且将它们设置为自动生成，则如果您的应用程序是负载平衡的，则密钥将有所不同.因此，您在服务器A上进行身份验证，并且随后的一些请求发送到服务器B，您的应用程序将无法解码授权cookie并踢出去"

Since you are on shared hosting, do you explictly set your machine keys in your web.config? If you do not and they are set to auto generate, the keys will be different if your application is load balanced. Thus you authenticate on server A and some subsequent request goes to server B, your application will not be able to decode the authorization cookie and 'kick you out'

在Web场中，您不能保证将处理哪个服务器连续的请求.如果用户在一台服务器上通过了身份验证，并且下一个请求转到另一个服务器时，身份验证票证将验证失败，要求用户重新认证.这machineKey元素中的validationKey和decryptionKey属性用于表单身份验证的哈希和加密票.这些属性的默认值为AutoGenerate.IsolateApps.密钥是为每个密钥自动生成的应用程序，并且它们在每个服务器上都不同.所以，一台计算机上加密的身份验证票不能在Web场中的另一台计算机上或在同一台Web服务器上的另一个应用程序.为了解决这个问题，所有的validationKey和decryptionKey值必须相同Web场中的计算机.

In a Web farm, you cannot guarantee which server will handle successive requests. If a user is authenticated on one server and the next request goes to another server, the authentication ticket will fail the validation and require the user to re-authenticate. The validationKey and decryptionKey attributes in the machineKey element are used for hashing and encryption of the forms authentication ticket. The default value for these attributes is AutoGenerate.IsolateApps. The keys are auto-generated for each application, and they are different on each server. Therefore, authentication tickets that are encrypted on one computer cannot be decrypted and verified on another computer in a Web farm, or in another application on the same Web server. To address this issue, the validationKey and decryptionKey values must be identical on all computers in the Web farm.

有关第二位信息，请参见此处了解更多信息.

See here for more information on that second bit.

这篇关于ASP MVC 3:身份验证有时在生产中丢失的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！