Azure的缓存不是持久的会话状态跨越VIP互换？ [英] Azure Cache not persisting Session State across VIP swaps?

问题描述

作为后续行动，这个帖子：<一href=\"http://stackoverflow.com/questions/20964697/enabling-co-located-session-caching-in-an-azure-cloud-service\">Enabling共同位于会话缓存在Azure的云服务 - 我想存储会话状态的Azure缓存坚持VIP掉期之间的会话。从答案引用：

  

要解决这个问题，我想请你尝试新的缓存服务
  （preVIEW）。这样一来，你为你的订阅缓存奉献
  这样就可以在整个云服务的部署使用它们，虚拟
  机器和网站。

我已经设置了一个蓝色的缓存（preVIEW）实例，使用它的端点和初级访问键在我的web.config，并部署到Azure的我的云服务暂存插槽。

然后我登录使用窗体身份验证，并重新部署到同一插槽。我的凭据坚持！这是伟大的看到。

但后来我换贵宾卡到生产，记录在以同样的方式生产实例，重新部署到分期，VIP再次被换，再刷新，希望保持登录状态，但它没有工作 - 我会迷路了对生产和分期。

我已经按照这个网址的指示：

<一个href=\"http://www.windowsazure.com/en-us/manage/services/cache/net/how-to-in-role-cache/#getting-started-cache-role-instance\" rel=\"nofollow\">http://www.windowsazure.com/en-us/manage/services/cache/net/how-to-in-role-cache/#getting-started-cache-role-instance

什么引起的？没有异常抛出 - 我的访问重点工作（给它一个假的之一，并得到一个例外测试）...我不知道发生了什么事。在web.config中配置部分：

 ＆LT;的sessionState模式=自定义customProvider =AFCacheSessionStateProviderXDT：转换=插入＆GT;
  ＆LT;供应商＆GT;
    ＆LT;添加名称=AFCacheSessionStateProviderTYPE =Microsoft.Web.DistributedCache.DistributedCacheSessionStateStoreProvider，Microsoft.Web.DistributedCachecacheName =默认dataCacheClientName =默认的applicationName =AFCacheSessionState/＆GT;
  ＆LT; /供应商＆GT;
＆LT; /＆的sessionState GT;
 

和

 ＆LT; dataCacheClient NAME =默认＆GT;
      ＆LT;自动发现isEnabled =真正的标识符=mysite.cache.windows.net/＆GT;
      ＆LT; securityProperties模式=消息sslEnabled =false的＆GT;
        ＆LT; messageSecurity authorizationInfo ={我的钥匙}/＆GT;
      ＆LT; / securityProperties＆GT;
    ＆LT; / dataCacheClient＆GT;
 

至于超时策略 - 我把它设置为永不启用驱逐到期。我是少数用户之一，缓存存储空间128MB的饼干，所以我不认为这是有关到期。

我也注意到，在<一个href=\"http://www.windowsazure.com/en-us/manage/services/cache/net/how-to-in-role-cache/#store-session\"相对=nofollow>文档，有一个的applicationName 没有进入我已经在上面。我试着删除它，并重新测试，但没有成功 - 我的正式版会话还是输在VIP互换

我在做什么错了？

更新：

从Microsoft <一个href=\"http://social.msdn.microsoft.com/Forums/windowsazure/en-US/c87e0cd6-a373-4435-8bf1-853e4f92d469/azure-cache-not-persisting-session-state-across-vip-swaps?forum=azurecache&prof=required\"相对=nofollow>论坛帖子：

  

我是能够重现该问题。我调查。

解决方案

窗体身份验证不是基于会话状态。它只依赖于客户端的cookie。 Cookies是加密的，并在web.config中的的machineKey部分中指定的键验证。
默认配置是：

 ＆LT;的machineKey的validationKey =自动生成，IsolateApps
            decryptionKey =自动生成，IsolateApps
            验证=SHA1解密=自动/＆GT;
 

自动生成意味着每个物理机器都有自己的decryptionKey。通过生产虚拟机生成的Cookie不会被分期VM所接受。

VIP交换之后由旧生产虚拟机的所有cookies将被新的生产虚拟机（前分期VM）拒绝，从而导致所有用户被注销。

您需要明确指定的machineKey值强制窗体身份验证生成的Cookie有效期为新的和旧的生产虚拟机（见的How：配置的machineKey，Web场部署注意事项部分）。

检查的machineKey部分代这个在线工具：<一href=\"http://aspnetresources.com/tools/machineKey\">http://aspnetresources.com/tools/machineKey.

UPD：有一个在管理Windows Azure中/ ASP.NET管理机部署对于IIS 键：

  

Windows Azure的自动管理ASP.NET的machineKey的
  服务使用IIS部署。如果你经常使用的VIP交换
  部署策略，你必须手动配置ASP.NET机
  键。

As a follow-up to this post: Enabling co-located Session Caching in an Azure Cloud Service - I'm trying to store session state in Azure Cache to persist sessions between VIP swaps. Quoted from the answer:

To fix this problem, I'd like you to try the new Cache Service (Preview). In this way you create dedicate cache for your subscription so that you can use them across cloud service deployments, virtual machines and websites.

I've set up an Azure Cache (Preview) instance, used its endpoint and primary access key in my web.config, and deployed to my Azure Cloud Service Staging slot.

I then logged in using Forms auth, and redeployed to the same slot. My credentials were persisted! This was great to see.

But then I VIP swapped to Production, logged in the same way to the production instance, redeployed to Staging, VIP swapped again, and then refreshed, expecting to remain logged in, but it didn't work - my session was lost on both production and staging.

I've followed the instructions found here:

http://www.windowsazure.com/en-us/manage/services/cache/net/how-to-in-role-cache/#getting-started-cache-role-instance

What could be causing this? No exceptions are thrown - my access key works (tested by giving it a bogus one and getting an exception)... I'm not sure what's going on. Config sections in web.config:

 <sessionState mode="Custom" customProvider="AFCacheSessionStateProvider" xdt:Transform="Insert">
  <providers>
    <add name="AFCacheSessionStateProvider" type="Microsoft.Web.DistributedCache.DistributedCacheSessionStateStoreProvider, Microsoft.Web.DistributedCache" cacheName="default" dataCacheClientName="default" applicationName="AFCacheSessionState"/>
  </providers>
</sessionState>

And:

<dataCacheClient name="default">
      <autoDiscover isEnabled="true" identifier="mysite.cache.windows.net" />
      <securityProperties mode="Message" sslEnabled="false">
        <messageSecurity authorizationInfo="{my key}" />
      </securityProperties>
    </dataCacheClient>

As for timeout policy - I have it set to never expire with eviction enabled. I'm one of a handful of users and the cache is storing cookies in 128MB of space, so I don't think it's related to expiry.

I also noticed that in the docs, there is no entry for applicationName as I have above. I tried removing it and re-testing, to no avail - my Prod session is still lost upon VIP swap.

What am I doing wrong?

Update:

From a microsoft forum post:

I was able to reproduce the issue. I am investigating.

解决方案

Forms authentication is not based on session state. It relies only on client-side cookies. Cookies are encrypted and validated with keys specified in machineKey section of web.config. Default config is:

<machineKey validationKey="AutoGenerate,IsolateApps"  
            decryptionKey="AutoGenerate,IsolateApps" 
            validation="SHA1" decryption="Auto" />

AutoGenerate means that each physical machine gets its own decryptionKey. Cookies generated by production VM will not be accepted by staging VM.

After VIP swap all cookies set by old production VM will be rejected by new production VM (ex-Staging VM), causing all users to be logged out.

You need to specify machineKey values explicitly to force Forms Auth to generate cookies that will be valid for both new and old production VMs (see How To: Configure MachineKey, Web Farm Deployment Considerations section).

Check this online tool for machineKey section generation: http://aspnetresources.com/tools/machineKey.

UPD: There is a related note in Manage Deployments in Windows Azure/Managing ASP.NET machine keys for IIS:

Windows Azure automatically manages the ASP.NET machineKey for services deployed using IIS. If you routinely use the VIP Swap deployment strategy, you should manually configure the ASP.NET machine keys.

这篇关于Azure的缓存不是持久的会话状态跨越VIP互换？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！