ASP.NET 服务器迁移
我们有一个长期存在的 ASP.NET 3.5 应用程序,我们正在从运行 Windows 2005+IIS 6 的物理服务器迁移到运行 Windows 2008+IIS7 的虚拟服务器。 新机器将采用旧机器的身份 - IP、DNS 等。
我们的客户使我们的网站保持运行数小时 - 有时甚至数天。 我担心的是,当我们进行这种切换时,突然所有视图状态都将无法验证,因为 MachineKey 将发生变化。
这种破坏是可以避免的吗? 我可以将新服务器的 machineKey 设置为与现在使用的相同吗? 我认为它是自动生成的 - 我可以找出它是什么吗?
或者,这是否值得——这是一个糟糕的情况,用户不应该期望能够长时间访问一个网站?
We have a long-lived ASP.NET 3.5 application we are moving from a physical server running Windows 2005+IIS 6 to a virtual one running Windows 2008+IIS7. The new machine will assume the identify of the old one - IP's, DNS, etc.
Our clients keep our site up for hours - sometimes even days. My fear is that when we make this switch-over, suddenly all thier viewstates will fail to validate because the MachineKey will have changed.
Is this kind of disruption avoidable? Can I 'set' the new server's machineKey to be the same as the one in use now? I think it is autogenerated - can I find out what it is?
Or, is this even worth it - is this a suck-it-up situation where users shouldn't expect to be able to hit a website for that long?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
您是对的,移动将使所有授权 Cookie 失效。 我相信,除非您打开视图状态加密,否则视图状态会很好。
如果添加machinekey属性,那么无论站点托管在哪里,只要该机器密钥相同,加密和解密就可以了。 此外,如果您的网站托管在负载平衡环境中,您将需要/应该使用此功能。
msdn.microsoft.com/en-us/library/ms998288.aspx
You are correct, moving will invalidate all Authorization Cookies. I believe, unless you have viewstate encryption turned on, viewstate will be fine.
If you add the machinekey attribute, then it doesn't matter where the site is hosted, as long as that machine key is the same, encryption and decryption will be fine. Additionally, you will need to/should use this if your site is hosted in a load balanced environment.
msdn.microsoft.com/en-us/library/ms998288.aspx
通常,像这样的迁移将导致完全中断。 大多数站点都会宣布这一点,并在切换期间发布临时中断页面。 另外,我想象有一天两台机器都不可用,因此无论机器密钥和视图状态如何,请求都会失败。 我建议您强制完全停电。 这还允许您在新服务器上线之前对其进行测试。
或者,您可以为新机器提供新的 IP,并慢慢地将新流量强制到新机器,而现有连接将保留在旧机器上。 这需要某种设备(路由器、内容交换机等)来管理它。 不确定您的服务器是否位于此类设备后面。
但回到你的问题,是的,你可以手动设置机器密钥。 这是在 machine.config 中。 从您的旧机器上获取此部分并将其复制过来:
它通常位于此处:
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
这是一篇有关使用 相同的机器密钥。
Typically a migration like this would be a full outage. Most sites announce this, and put up a temporary outage page during the cutover. Also, I imagine that there will be a time when neither machine is available, so regardless of the machine key and viewstate, requests will fail. I would recommend that you force a full outage. This would also allow you to test the new server before it goes live.
Alternatively, you could give the new machine new IP's, and slowly force new traffic to the new one, while existing connections would remain on the old one. This would require some kind of device (router, content switch, etc) to manage this. Not sure if your server is behind a device like that.
But back to you question, yes, you can manually set the machine key. This is in the machine.config. Take this section from your old machine and copy it over:
It is usually located here:
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
Here is an article about using the same machine Key.
您可以显式设置 machineKey,事实上,当您在网络场中使用不同的会话状态模型时,这种做法很常见。 这里有一个链接,介绍如何执行此操作(靠近页面底部)文章)。
不幸的是,如果您还没有手动生成当前的 machineKey,那么每次应用程序域重新启动时都会随机生成它(这意味着如果您的服务器出现问题,您现在很容易遇到验证问题)。
但是,您可以通过查看注册表来发现当前正在使用的 machineKey
(如果您使用的是 IIS6)。 如果您小心的话,您也许可以使用相同的密钥设置新盒子,然后迁移过来,并且不会出现任何问题。 但这些都是著名的遗言;)
You can explictly set the machineKey, in fact, this is done quite commonly when you're using different session state models with web farms. Here's a link on how to do it (near the bottom of the article).
Unfortunately if you haven't manually generated your current machineKey already, then it will be randomly generated every time the application domain restarts (which means you're vulnerable to validation problems right now if your server ever hiccuped).
However, you can discover the current machineKey that is in use by looking in the registry at
(if you're using IIS6). If you're careful, you may be able to set up the new box with the same key, migrate over, and having nothing go wrong. But those are famous last words ;)