You've built your website. You've tested it locally. You upload it to your hosting provider and everything seems fine. Then you notice that when you're browsing pages controlled by authentication, you keep getting logged out. Luckily it's simple to solve.
Hosting a website on a web farm or load-balanced server introduces some issues that you will not see when testing your application in a single-server environment. One of them is authentication.
Gimme the low down
When a user logs in, an authentication ticket is created. This is stored within a cookie and allows the user to navigate the site without having to log in every time.
When your application runs, a machineKey is created. This is used to sign the authentication ticket. When a user's authentication is checked by the server, this machineKey is used to decrypt the ticket.
By default a machineKey is automatically generated when the application is started. When hosted on a web farm, each server will have a different machineKey. One server will authenticate you and create an authentication ticket. Then when you browse to a different section of the site, that request may go to a different server. That server will check your ticket against its own machineKey, the ticket will be invalid, and the user will be redirected to the login page.
Specifying the machineKey
Luckily we can specify the machineKey ourselves within the web.config. All servers will now use the same key and will not auto generate one on application start. To do this we will need to generate a key, which can be done via this site: http://aspnetresources.com/tools/machineKey. This will generate a key like so.
<machineKey validationKey="21F090935F6E49C2C797F69BBAAD8402ABD2EE0B667A8B44EA7DD4374267A75D7 AD972A119482D15A4127461DB1DC347C1A63AE5F1CCFAACFF1B72A7F0A281B" decryptionKey="ABAA84D7EC4BB56D75D217CECFFB9628809BDB8BF91CFCD64568A145BE59719F" validation="SHA1" decryption="AES" />
Include this in your <system.web>. Now when you deploy to your web farm, all servers will use the same machineKey and your users will stay logged in.
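
The key can also be generated locally, so it is never handled by a third-party site. The following is an added example, not code from the original post: the function names are hypothetical, and the key sizes (64-byte validationKey, 32-byte decryptionKey) are assumptions chosen to fit the SHA1/AES attributes shown above.

```powershell
# Added example: build a <machineKey> element from locally generated random bytes.
# Function names are hypothetical; attribute values mirror the element shown above.

function New-HexKey {
    param([Parameter(Mandatory)][int]$ByteCount)
    $bytes = New-Object byte[] $ByteCount
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($bytes) } finally { $rng.Dispose() }
    # Two upper-case hex digits per byte, no separators or whitespace
    return -join ($bytes | ForEach-Object { $_.ToString('X2') })
}

function New-MachineKeyElement {
    # Assumed sizes: 64-byte validationKey, 32-byte decryptionKey
    $validationKey = New-HexKey -ByteCount 64
    $decryptionKey = New-HexKey -ByteCount 32
    return '<machineKey validationKey="{0}" decryptionKey="{1}" validation="SHA1" decryption="AES" />' -f $validationKey, $decryptionKey
}

function Test-MachineKeyElement {
    # Returns $true only if both keys are pure hex of the expected length.
    param([Parameter(Mandatory)][string]$Element)
    $mk = ([xml]$Element).machineKey
    return ($mk.validationKey -match '^[0-9A-Fa-f]{128}$') -and
           ($mk.decryptionKey -match '^[0-9A-Fa-f]{64}$')
}

$element = New-MachineKeyElement
if (-not (Test-MachineKeyElement -Element $element)) { throw 'Generated machineKey failed validation' }
$element   # paste the same element into <system.web> on every server
```

Run it once and deploy the resulting element to every server in the farm; generating a separate key per server would reproduce the mismatched-key problem described above.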