MVC Forms Authentication - How do i handle hosting on a server farm?

Question

I am looking for some clarity on this topic.

I am looking to host my site with a host that will load balance my site over a farm of servers.

Since my MVC site is using Forms Authentication, I assume there will be an issue with each server being able to authenticate the auth cookie sent by the client.

From other posts - I understand that each server needs the same machine key - if they do, then the auth cookie can be read by each server.

What I need clarity on is - can I handle (or, am i suppose to handle) this within my MVC application web.config file? If I am specifying a machine key in the web.config (what i am currently doing ) - I assume that will be the key used to generate the auth cookie and read the auth cookie. Since each server will have a copy of the site's web.config then I am thinking the cookie sent by the user can be read by any server.

What am I missing?

On my local machine i can go from the VS development server version of the site to my localhost version of the site with the same cookie and be authenticated on both. (seems like a similar scenario)

I believe this post tells me what I am thinking is correct but hoping for more info before going back to the hosting provider - forms authentication persistent across multiple servers

Any insight into this to alleviate my ignorance would be greatly appreciated.

Thanks, -D

Answer 1

What I need clarity on is - can I handle (or, am i suppose to handle) this within my MVC application web.config file?

Yes, you can set the machine key in web.config and thus all nodes on the web farm will be able to decrypt the authentication cookie. That's all you need.

Answer 2

In my experience in a self-hosted environment you would (typically) handle this at the machine.config level. In a hosting environment where the host provider doesn't have this already done for you, you should do this at your application level web.config.