Getting ASP.Net authentication to work on a web farm
You've built your website. You've tested it locally. You upload it to your hosting provider and everything seems fine. Then you notice that when you're browsing pages controlled by authentication, you keep getting logged out. Luckily it's simple to solve.
Hosting a website on a web farm or load balanced server, introduces some issues that you will not see when testing your application in a single server environment. One of them is authentication.
Gimme the low down
When a user logs in, an authentication ticket is created. This is stored within a cookie and allows to user to navigate the site without having to log in every time.
When your application runs a machineKey
is created. This is used to sign the authentication ticket. When a user’s authentication is checked by the server this machineKey
is used to decrypt the ticket.
The problem
By default a machineKey
is automatically generated when the application is started. When hosted on a web farm each server with have a different machineKey
. One server with authenticate you and create an authentication ticket. Then when you browse to a different section of the site, that request may go to a different server. The server will check your ticket against its machineKey
, this will be invalid and the user will be redirected to the login page.
Specifying the machineKey
Luckily we can specify the machineKey
ourselves within the web.config
. All servers will now use the same key and will not auto generate one on application start. To do this we will need to generate a key which can be done via this site http://aspnetresources.com/tools/machineKey. This will generate a key like so.
<machineKey
validationKey="21F090935F6E49C2C797F69BBAAD8402ABD2EE0B667A8B44EA7DD4374267A75D7
AD972A119482D15A4127461DB1DC347C1A63AE5F1CCFAACFF1B72A7F0A281B"
decryptionKey="ABAA84D7EC4BB56D75D217CECFFB9628809BDB8BF91CFCD64568A145BE59719F"
validation="SHA1"
decryption="AES"
/>
Include this in your web.config
under <system.web>
. Now when you deploy to your web farm, all servers will use the same machineKey
and your users will stay logged in.
Resources: