0

In this example I have a couple of sites.

  • a.site.com
  • b.site.com
  • c.site.com

    • Each of the above sites all have the same identical machinekey. Also this example a.site.com and b.site.com exist on server1 and c.site.com exists on server 2.

    Using forms authentication i'm able to navigate between a.site.com and b.site.com without an issue, only authenticating once. However, even though c.site.com has the same machinekey i'm unable to navigate to c.site.com and maintain being logged in.

    I'm able to fix this using a domain cookie. But this isnt the ideal solution for a lot of reasons.

    How do you use a machinekey across servers without a domain cookie?

    They are in the same domain. The sites are also the same exact code, just multple IIS pages. The only difference is the sites sit on different servers

    Thanks!

    Edit for web.config

     <machineKey decryptionKey="encryptkey" validationKey="encryptkey" validation="SHA1"  decryption="AES"/>
<customErrors mode="Off" defaultRedirect="noaccess.aspx" />
<authentication mode="Forms">
  <forms timeout="120" domain=".site.com" cookieless="UseCookies" enableCrossAppRedirects="true" name=".ASPXAUTH" loginUrl="default.aspx" protection="All" path="/" />
</authentication>

    And I do mean i go publish a.site.com - server1 : publsh b.site.com -server1 : publish - c.site.com server2 no change in code. Yes i removed the key, but i'm positive the key was created correctly.

    user2278106
    • 13
    • 1
    • 5

    2 Answers2

    0

    You need to use a shared session state mechanism such as a State Server or SQL server so that session state is shared by all servers in your web farm.

    Nathan
    • 1,016
    • 7
    • 16
    • Nathen - is this true though? I'm not setting ANY session information. I'm just setting a cookie. Do you have any articles backing this up? – user2278106 Apr 18 '13 at 01:29
    • I was making an assumption that the reason for the issue when switching servers in a web farm was because that new server doesn't consider your session to be valid because it is not shared (a common problem). You might try setting up shared state just as a test to make sure you are not using session state in some subtle way you don't expect, just to eliminate the possibility. Also, what is the element in your web.config set to? Did you set the domain attribute to ".site.com"? – Nathan Apr 18 '13 at 02:11
    • Nathan - ues they all have the same domain attritube in forms – user2278106 Apr 18 '13 at 09:55
    0

    Could you double-check that all 3 servers have the same Windows Updates (in particular .NET framework) installed and same service pack levels. Is the .NET version the same on all 3 servers?

    Arsen
    • 965
    • 8
    • 7
    • Arsen - there are two servers but yes they are, VM clones – user2278106 Apr 18 '13 at 09:41
    • a.site.com and b.site.com work across domains on the same server. Server 2 that has c.site.com does not recognize the same cookie. Can you include some example code from your web.config showing how you setup the machineKey and forms authentication? http://technet.microsoft.com/en-us/library/cc731979(v=ws.10).aspx http://msdn.microsoft.com/en-us/library/ff649308.aspx Which version of .NET are you on? – Arsen Apr 18 '13 at 13:03
    • Can you use a proxy like Fiddler or Chrome Extension (Edit This Cookie https://chrome.google.com/webstore/detail/edit-this-cookie/fngmhnnpilhplaeedifhccceomclgfbg?hl=en) to see if the value of the ASPXAUTH cookie is visible after you login on a.site.com and navigate to c.site.com and in reverse. If the value is visible on both - is it identical? If the value is not visible, and you create the cookie manually using the tool do you become authenticated on c.site.com? Also - check in IIS settings under Machine Key that "automatically generate at run time" is not checked for your app. – Arsen Apr 18 '13 at 19:31
    • Arsen - its not, they all have the same machinekeys – user2278106 Apr 22 '13 at 12:48