
I am developing an MVC4 application. We have hosted our application on the Windows Azure IaaS model. Right now we have configured 2 virtual machines and everything is working well. But we have an issue with maintaining the user login.

If I log in on virtual machine 1, it's not getting carried over when the next request comes from virtual machine 2. We have mapped the two virtual machines over a load balancer.

Should I look into cache solutions? Any input will be greatly helpful...

Thanks, Jaswanth

David Makogon
  • Have you made sure that your machine key is identical on both servers? If not, the encryption used to encrypt the identity cookie will fail to decrypt on the other server. – Erik Funkenbusch May 18 '15 at 21:27
  • @Erik Funkenbusch: Yes, it worked. Thanks a lot, Erik. I am not sure how I missed that part... kind of misled into something something – Jaswanth Krishna May 19 '15 at 23:54

2 Answers


You're hitting two completely separate VMs (yes load balanced, but separate). This mandates the need for storing any type of session data external to the VMs (or you need to sync the session content and have it identical in both VMs).

Azure doesn't do anything to sync session data for you. That's on you, to build it into your app's architecture. You mentioned caching, which is certainly a viable solution (which you pick, though, is up to you). There are other solutions too such as database-based session storage. Again, that's up to you.

But bottom line: If you're going to scale an app beyond a single server (VM in this case), in a load-balanced way, you cannot store session data in a specific VM.

David Makogon
  • I am using Identity claim-based authentication. So do I need to add that object to a Redis Cache key and retrieve it if it exists? I am very new to this cache mechanism on Azure. – Jaswanth Krishna May 18 '15 at 16:53
  • What exactly does Identity have to do with session? – Erik Funkenbusch May 18 '15 at 21:28
  • @Erik Can you suggest any solution for this? – Jaswanth Krishna May 19 '15 at 18:24
  • @JaswanthKrishna - I did already, but you didn't comment on it. – Erik Funkenbusch May 19 '15 at 18:56
  • @Erik Funkenbusch - Here is the problem: I am authorizing the user using WIF. It works great on a single machine. Now I have 2 machines; if I log in on one machine, the security token or authorization isn't getting carried over. So I need to maintain that over a distributed cache, which is where I am stuck. – Jaswanth Krishna May 19 '15 at 19:15
  • @JaswanthKrishna - A distributed cache has nothing to do with your problem. Your problem is that your machine key is not the same on both servers. – Erik Funkenbusch May 19 '15 at 20:25
  • @Erik Funkenbusch: It worked :( ... I know I am getting misled :( ... Thanks a lot, Erik... very good stuff. Can you enlighten me on the security risks of this process? – Jaswanth Krishna May 19 '15 at 23:52
  • @JaswanthKrishna - There are no security risks. You have to have the same machine key on both servers if they're both going to create and decode the same cookies. – Erik Funkenbusch May 20 '15 at 01:39
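
The machine key fix from the comments above, as an added web.config sketch that is not part of the original thread. The key values are placeholders, and the explicit algorithm choices (HMACSHA256, AES) are assumptions rather than settings taken from the poster's application.

```xml
<!-- Fragment A (for contrast): the framework default.
     Each VM auto-generates its own keys, so an identity cookie
     issued by VM 1 fails validation/decryption on VM 2. -->
<system.web>
  <machineKey validationKey="AutoGenerate,IsolateApps"
              decryptionKey="AutoGenerate,IsolateApps" />
</system.web>

<!-- Fragment B: put this identical element in web.config on BOTH VMs
     behind the load balancer. Values below are placeholders:
     generate random hex keys once and deploy the same pair everywhere.
     Whoever holds these keys can produce cookies the servers accept,
     so store them like any other secret, outside source control. -->
<system.web>
  <machineKey validationKey="REPLACE_WITH_HEX_VALIDATION_KEY"
              decryptionKey="REPLACE_WITH_HEX_DECRYPTION_KEY"
              validation="HMACSHA256"
              decryption="AES" />
</system.web>
```

After deploying, sign in through one VM and confirm that a request routed to the other VM is still authenticated.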
-1

Use a durable session state store (like Redis or SQL Server, etc.) or put your state in a cookie and read/write it on each request. If the cookie includes sensitive content, encrypt it.

Paul Fryer
  • I am using WIF and I wanted to use Redis. Can you shed more light on this? – Jaswanth Krishna May 18 '15 at 17:12
  • Ok then use the RedisSessionStateProvider to set and get your session state (WIF Claims) associated with your session. http://blogs.msdn.com/b/webdev/archive/2014/05/12/announcing-asp-net-session-state-provider-for-redis-preview-release.aspx – Paul Fryer May 18 '15 at 17:16
  • Also, if you are not using the ASP.Net session provider you need to manage getting and setting cache values directly, in this case use a library like Redis CacheSharp. http://www.nuget.org/packages/CacheSharp.Redis/ – Paul Fryer May 18 '15 at 17:18
  • Can you explain a little bit regarding CacheSharp? – Jaswanth Krishna May 18 '15 at 17:42
  • Sure here are some links http://fryerblog.com/post/99933007601/net-distributed-caching --- http://fryerblog.com/post/96993113611/achieving-statelessness-with-distributed-caches --- http://fryerblog.com/post/63388702380/distributed-caching-strategy – Paul Fryer May 18 '15 at 19:18
  • Thanks for the blog posts. They are informative. So when I sign in using WIF claims, do I need to set up the Redis cache then? Any code samples, even rough ones, will be very helpful... – Jaswanth Krishna May 18 '15 at 19:34
  • Yes you need to set up a redis cache, you can do that in the Azure Portal, just choose the cheapest one (like $15/month). Then you need to cache things using a key that can be found on all your web servers (like the session id from the cookie). You must have some sort of session cookie or something that you can get out of each request. This needs to be part of your cache keys. Perhaps you should post some code that shows what happens during authentication so we can see what session/token/etc is being generated and used for authentication. – Paul Fryer May 18 '15 at 19:43
  • `var identity = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, "xyz") }, DefaultAuthenticationTypes.ApplicationCookie, ClaimTypes.Name, ClaimTypes.Role); Authentication.SignIn(identity);` – Jaswanth Krishna May 18 '15 at 19:59
  • That's all I am doing in my WIF... keep the name and authenticate it based on name... – Jaswanth Krishna May 18 '15 at 20:00
  • Someone degraded this answer... not sure why... are we going in the wrong direction? – Jaswanth Krishna May 18 '15 at 21:40
  • Did you see my code? I still couldn't find a solution, and the clock is ticking :( So do I put a cookie or session into the Redis cache? – Jaswanth Krishna May 19 '15 at 18:23