Is it possible to set a machinekey for an Azure Worker Role

Question

I have hosted an Owin WebAPI Server in an Azure Worker Role.
The Owin Authentication middleware seems to use the MachineKey to encrypt and generate Tokens. This works perfectly when I have only one instance of this role, but as soon as I want to use several instances, the tokens generated by each instance are differents.

This is the same problem as a web farm, Azure automatically solves this for WebRoles using the same .net Machine Key for all instances in Web.config.

But this does not work for Worker Role instances.

Is there a trick to have Azure using the same machine key for all the intsances of a worker Role ?

Seems it would be easier than rewriting code to generate the tokens for Owin.

How about just manually setting the machine key in your application configuration file? It works pretty well with a traditional Web Role, should't have issues with a worker role, too. I repeat - set the key manually in config, don't rely on auto configuration! — astaykov, Jan 09 '14 at 21:34
Thanks for answers, but App.config does not support setting machine ket as Web.config does... — Christian Surieux, Jan 22 '14 at 12:50
and what stops you from having `system.web\machineKey` section in your app.config file? did you try before replying? — astaykov, Jan 23 '14 at 15:13

score 4 · Answer 1 · answered Feb 06 '15 at 22:33

If your self-hosted application can reference System.Web, then you can use the same MachineKey implementaiton that the Microsoft.Owin.Host.SystemWeb does.

Put the configuration/system.web/machineKey settings in your App.config just like it is in the Web.config.

Reference reference System.Web and add the following class:

public class MachineKeyDataProtector : IDataProtector
{
    private readonly string[] purposes;

    public MachineKeyDataProtector(params string[] purposes)
    {
        this.purposes = purposes;
    }

    public byte[] Protect(byte[] userData)
    {
        return MachineKey.Protect(userData, this.purposes);
    }

    public byte[] Unprotect(byte[] protectedData)
    {
        return MachineKey.Unprotect(protectedData, this.purposes);
    }
}

Then set your authentication options using that class:

        var authenticationOptions = new OAuthBearerAuthenticationOptions
                                    {
                                        AccessTokenFormat = new TicketDataFormat(new MachineKeyDataProtector(
                                            typeof(OAuthBearerAuthenticationMiddleware).Namespace, "Access_Token", "v1")),
                                        AccessTokenProvider = new AuthenticationTokenProvider(),
                                    };

Is it possible to set a machinekey for an Azure Worker Role

1 Answers1

Linked