Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Darryl Godden 145 posts 197 karma points
    Apr 26, 2010 @ 13:38
    Darryl Godden
    0

    ASP.NET Authentication & Load Balancing

    Hi all,

    Appreciate this is more of a .NET question, but I wonder whether you chaps had done anything along these lines before?

    Our web servers are balanced across two servers. We have a load balancing software, although what algorithm it used when deciding which server to send visitors too is beyond my knowledge.

    The problem I am having is that we enable users to create new media in that they upload documents to the server via a user control. We get around the load balancing situation by using a DNS name for one server so that all documents are stored on that one server.

    We are having a problem in that when one user accesses the upload form, he is being asked to login again, being presented with a login form rather than the upload form.

    I can only assume it is because the authentication token is not being passed to the upload server and he has authenticated on the non-upload server. Although I am more than willing to bow to superior knowledge!

    Thanks for any ideas you may have.

    Cheers,

    Darryl

  • Darryl Godden 145 posts 197 karma points
    Apr 26, 2010 @ 13:42
    Darryl Godden
    0

    I'm currently reading this article:

    http://msdn.microsoft.com/en-us/library/ms998288.aspx

    I wonder whether this is the problem.

  • Tobias Neugebauer 52 posts 93 karma points
    Apr 26, 2010 @ 13:46
    Tobias Neugebauer
    0

    Hi,

    there are two things that come into my mind:

    1. Do you share Session-State over the to Servers? It's not possible to use InProc for the session state you need to use State-Server, SQL Server Session State or something like AppFabric (Codename Velocity) that both servers can access session state.

    2. I think you need to specify a machinekey in your web.config file that each server is able to decrypt the data in the user-session. This should look like this:

    <machineKey validationKey="xxxxxxxxxxxxxxxxxxx" decryptionKey="xxxxxxxxxxxxxx" decryption="3DES" validation="SHA1" />

    try googeling about this ;)

    Hope this helps

    Toby

Please Sign in or register to post replies

Write your reply to:

Draft