3
votes

We are currently migrating our .NET Web Application to an Azure Cloud Service with the Web tier running on multiple nodes (initially two). I am wondering how we should modify our forms-based authentication mechanism to run in a load-balancing environment? This is a consideration we have never needed to make in the past as our application has always been confined to just one physical server.

Currently we define our protected folders in the web.config as such:

<location path="secure-area">
  <system.web>
    <authorization>
      <deny users="?"/>
    </authorization>
  </system.web>
</location>

The code in the login page works something like this:

If accountIsValid = True Then
    FormsAuthentication.SetAuthCookie(sessionID, False)
    Response.Redirect("secure-area/index.aspx")
End If

Then the active session is retrieved throughout the application like this:

Dim sessionID As String = User.Identity.Name.ToString()

Presumably this method will not automatically persist session state across multiple nodes? I wondered if the Azure Fabric Controller would sort all this out for me without having to make code changes. Wishful thinking maybe!

Any help or links to online guides would be much appreciated!

1 Answer

5
votes

This is less a question about Azure, more about forms authentication using load-balanced ASP.NET applications. Forms authentication uses the machineKey on the server to encrypt the cookie sent down to the client. By default, this key is randomly generated on the server per instance. To make forms auth work across multiple nodes you need to set the machine key to be the same across both instances in your web.config. Here are a few examples:

Does Forms Authentication work with Web Load Balancers?

http://msdn.microsoft.com/en-us/library/eb0zx8fc(v=vs.100).aspx

http://support.microsoft.com/kb/910443

Hopefully this works out, happy coding!
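
One way to apply the answer above, as an added PowerShell example that is not part of the original answer: it generates explicit machineKey values and checks that every node's web.config carries the same ones. The function names and the two sample configs are constructed for illustration; the key sizes (32-byte HMACSHA256 validation key, 32-byte AES decryption key) are an assumption about what you want to deploy.

```powershell
function New-HexKey([int]$ByteCount) {
    # Cryptographically strong random bytes, hex-encoded as machineKey expects.
    $buf = New-Object byte[] $ByteCount
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($buf) } finally { $rng.Dispose() }
    -join ($buf | ForEach-Object { $_.ToString('X2') })
}

function New-MachineKeyElement {
    # Explicit keys replace the per-instance auto-generated default.
    '<machineKey validationKey="{0}" decryptionKey="{1}" validation="HMACSHA256" decryption="AES" />' -f
        (New-HexKey 32), (New-HexKey 32)
}

function Test-SharedMachineKey([string[]]$WebConfigXml) {
    # True only if every config has an explicit machineKey and all of them match.
    $seen = @()
    foreach ($text in $WebConfigXml) {
        $mk = ([xml]$text).SelectSingleNode('/configuration/system.web/machineKey')
        if ($null -eq $mk) { return $false }    # no element: keys are generated per instance
        $v = $mk.GetAttribute('validationKey')
        $d = $mk.GetAttribute('decryptionKey')
        if ($v -eq '' -or $d -eq '' -or "$v $d" -match 'AutoGenerate') { return $false }
        $seen += ("$v|$d|" + $mk.GetAttribute('validation') + '|' +
                  $mk.GetAttribute('decryption')).ToUpperInvariant()
    }
    return (@($seen | Select-Object -Unique).Count -eq 1)
}

# Constructed sample input: node A carries the generated element,
# node B was left on the framework default.
$element = New-MachineKeyElement
$nodeA = "<configuration><system.web>$element</system.web></configuration>"
$nodeB = '<configuration><system.web><machineKey validationKey="AutoGenerate,IsolateApps" ' +
         'decryptionKey="AutoGenerate,IsolateApps" /></system.web></configuration>'

$element                                   # paste into <system.web> on every node
Test-SharedMachineKey $nodeA, $nodeA       # both nodes deployed with the same element
Test-SharedMachineKey $nodeA, $nodeB       # one node still auto-generating its keys
```

The generated keys are secrets: anyone who holds them can forge authentication tickets, so store and rotate them as you would any other credential.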