在群集上运行OpenId Provider时,无效的消息签名 [英] Invalid message signature when running OpenId Provider on Cluster
问题描述
简介
我们有一个使用DotNetOpenAuth组件创建的OpenID提供程序。当我们在单个节点上运行提供程序时,一切工作都很好,但是当我们将提供程序移动到负载平衡的群集中时,其中多个服务器正在处理每个会话的请求,由于DotNetOpenAuth组件似乎在使用独特的东西,因此消息签名出现问题
We have an OpenID Provider which we created using the DotNetOpenAuth component. Everything works great when we run the provider on a single node, but when we move the provider to a load balanced cluster where multiple servers are handling requests for each session we get issue with the message signing as the DotNetOpenAuth component seems to be using something unique from each cluster node to create the signature.
例外
DotNetOpenAuth.Messaging.Bindings.InvalidSignatureException: Message signature was incorrect.
at DotNetOpenAuth.OpenId.ChannelElements.SigningBindingElement.ProcessIncomingMessage(IProtocolMessage message) in c:\BuildAgent\work\7ab20c0d948e028f\src\DotNetOpenAuth\OpenId\ChannelElements\SigningBindingElement.cs:line 139
at DotNetOpenAuth.Messaging.Channel.ProcessIncomingMessage(IProtocolMessage message) in c:\BuildAgent\work\7ab20c0d948e028f\src\DotNetOpenAuth\Messaging\Channel.cs:line 940
at DotNetOpenAuth.OpenId.ChannelElements.OpenIdChannel.ProcessIncomingMessage(IProtocolMessage message) in c:\BuildAgent\work\7ab20c0d948e028f\src\DotNetOpenAuth\OpenId\ChannelElements\OpenIdChannel.cs:line 172
at DotNetOpenAuth.Messaging.Channel.ReadFromRequest(HttpRequestInfo httpRequest) in c:\BuildAgent\work\7ab20c0d948e028f\src\DotNetOpenAuth\Messaging\Channel.cs:line 378
at DotNetOpenAuth.OpenId.RelyingParty.OpenIdRelyingParty.GetResponse(HttpRequestInfo httpRequestInfo) in c:\BuildAgent\work\7ab20c0d948e028f\src\DotNetOpenAuth\OpenId\RelyingParty\OpenIdRelyingParty.cs:line 493
设置
我们具有在所有群集节点上使用相同机器密钥的计算机配置设置,并且已与SQL Server设置了进程外会话。
We have the machine config setup to use the same machine key on all cluster nodes and we have setup an out of process session with SQL Server.
问题
我们如何配置DotNetOpenAuth用于对其消息签名的密钥,以便客户端会信任同一会话期间群集中所有服务器的响应吗?
How do we configure the key used by DotNetOpenAuth to sign its messages so that the client will trust responses from all servers in the cluster during the same session?
推荐答案
您必须实现 IProviderApplicationStore
并将此对象的实例传递到您创建的 OpenIdProvider
实例,或在web.config文件中设置商店类型。您对该接口的实现必须提供对数据库的访问权限,您的Web场中的所有服务器都共享该数据库。
You must implement IProviderApplicationStore
and pass an instance of this object to the OpenIdProvider
instance you create, or set the store type in your web.config file. Your implementation of this interface must provide the access to a database that all servers in your web farm share.
这篇关于在群集上运行OpenId Provider时,无效的消息签名的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!