表单身份验证在多个服务器上持久存在
我有一个 MVC 2.0 应用程序,需要使用表单身份验证进行持久登录(如果选择),该身份验证在两个服务器之间进行负载平衡。
我的 webconfig(在两台服务器上)如下所示:
<authentication mode="Forms">
<forms name="MA_AuthCookie" loginUrl="~/Account/LogOn" timeout="86400" protection="All" path="/" slidingExpiration="false"/>
</authentication>
<machineKey validationKey="*************180C6E1FD3E9338B78ACD83CA0A99F27B985AF97871BDBA43E1426DB8FA82F811779BFB779D1E90EB9BCCDE71D3F0458392736B17D3"
decryptionKey="*****************D72F47EF06B1F594CAAF1BEA311555A9D8E8"
validation="SHA1"
decryption="AES" />
超时设置为 60 天,我使用以下脚本在登录时设置 cookie。
FormsAuthentication.SetAuthCookie(userName, true);
两台服务器上的一切都工作得很好,直到我大约一个小时后回来,没有任何活动,我的身份验证 cookie 也消失了。我不确定这与应用程序的任一负载平衡服务器上的工作进程有关,因为我可以直接转到其中一台服务器,登录并且我的登录名会按应有的方式保留。另外,根据我的发现,我设置机器验证密钥这一事实应该可以解决工作进程运行时的密钥问题和重新创建问题。一定有什么我错过了。如果有人能指出我正确的方向,我将非常感激。
谢谢, 比利
I have an MVC 2.0 application that requires a persistent login(if chosen) using forms authentication which is load balanced between two servers.
my webconfig(on both servers) looks like so:
<authentication mode="Forms">
<forms name="MA_AuthCookie" loginUrl="~/Account/LogOn" timeout="86400" protection="All" path="/" slidingExpiration="false"/>
</authentication>
<machineKey validationKey="*************180C6E1FD3E9338B78ACD83CA0A99F27B985AF97871BDBA43E1426DB8FA82F811779BFB779D1E90EB9BCCDE71D3F0458392736B17D3"
decryptionKey="*****************D72F47EF06B1F594CAAF1BEA311555A9D8E8"
validation="SHA1"
decryption="AES" />
timeout is set for 60 days and i am using the following script to set the cookie on login.
FormsAuthentication.SetAuthCookie(userName, true);
All works great or so it seems across both servers until i come back an hour or so later with no activity and my auth cookie is gone. I am not sure this has something to do with the worker process on either load balanced server for the application because i can go directly to one of the servers, login and my login is persisted as it should be. Also, through my findings the fact that i am setting a machine validation key is supposed to get around the issue and recreation of keys when the worker process runs. There must be something i am missing. If anyone can point me in the right direction it would be very appreciated.
Thanks,
Billy
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
看来我没有意识到显而易见的事情。尽管有时关闭浏览器时登录似乎会持续存在,有时在我的 Firefox 浏览器上检查了会话结束时 cookie 过期的设置。做出改变后一切都很好。
Looks like i failed to realize the obvious. Although it seemed as though the login would persist when closing the browser down sometimes and sometimes not the setting to expire cookies at the end of the session was checked on my firefox browser. All is good after making that change.