表单身份验证是否与Web负载平衡器一起使用？ [英] Does Forms Authentication work with Web Load Balancers?

问题描述

我正在使用使用表单验证的网络应用程序。

I'm working on a web application that is using Forms authentication.

    <authentication mode="Forms">
        <forms slidingExpiration="true"
         loginUrl="~/User.aspx/LogOn"
         timeout="15"
         name="authToken"  />
    </authentication>

我在登录时看到此Cookie设置在我的浏览器中：

I'm seeing this cookie set in my browser when I log in:

问题是，当我把这个网站在一个负载平衡模型会发生什么？在哪里设置ASP.net会话cookie？我没有明确地在代码中做，所以我认为它发生在ASP.Net的某个地方的场景。

The question is what happens when I put this website in a load balanced model? Where is the ASP.net session cookie being set? I didn't explicitly do it in code, so I assume it's happening behind the scenes somewhere in ASP.Net.

此外，如果会话cookie由web服务器设置A，我认为Web服务器B不会识别它，并将其视为无效会话。如果是这样，我可能不想使用它，对吧？

Also, If the session cookie is set by web server A, I assume web server B won't recognize it and treat it as an invalid session. If this is the case, I probably don't want to use it, right?

推荐答案

您必须将机器密钥设置为相同，且两个机器上的名称相同。如果这样做，您应该没有问题与表单auth的负载平衡。

You'll have to set the machine key to be the same and the name to be the same on both machines...if this is done you should have no problems load balancing with forms auth.

        <authentication mode="Forms">
        <forms loginUrl="~/Login/Index" defaultUrl="~/"
                     name=".myportal"
                     protection="All" slidingExpiration="true" timeout="20" path="/"
                     requireSSL="false"></forms>
    </authentication>

    <machineKey validationKey="534766AC57A2A2F6A71E6F0757A6DFF55526F7D30A467A5CDE102D0B50E0B58D613C12E27E7E778D137058E" decryptionKey="7059303602C4B0B3459A20F9CB631" decryption="Auto" validation="SHA1"/>

会话可能稍微复杂一点。您可以将ASP.Net会话状态存储在数据库中，也可以使用共享会话提供程序使其可用于负载平衡。

Sessions can get slightly more complicated. You can store the ASP.Net session state in the database or use a shared session provider to make it available for load balancing as well.

这里是一篇关于存储DB中的会话状态： http://idunno.org/articles/277.aspx

Here is a good article on storing session state in the DB: http://idunno.org/articles/277.aspx

这篇关于表单身份验证是否与Web负载平衡器一起使用？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！