Question

I'm having some issues with authentication in a load-balanced environment. The load balancer is F5 with Source address affinity persistence turned on. My authentication is pretty standard: I validate user credentials and create an Auth ticket.

  string encTicket = FormsAuthentication.Encrypt(authTicket);
  var faCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encTicket);
  Response.Cookies.Add(faCookie);

About 50% of the time, when logging in to the load-balanced environment (despite the Sticky Session type setting on the F5 level), I am immediately redirected to the login page to authorize again. I have 2 servers, and it appears as though my subsequent request for the protected area is being directed to the server which does not contain my session info. When using an internal DNS for either server, there is no such issue and auth works fine 100% of the time.

On the occasions that I get to the initial page successfully (through the F5), the persistence works pretty well and I am constantly routed to the correct server at least until my session expires after the designated time. However, there are too many occasions where I am forced to authenticate twice because of the pre-authentication issue.

My Guess

Is this some race condition that exists between creating the authentication ticket and the F5 processing it and guaranteeing a correct persistence? This seems feasible to me but this is my first application using this load-balancer so I'm just guessing.

Has anyone dealt with a similar situation before? Is there any configuration application-side or F5 side that can resolve this issue?

Update

On closer inspection, it appears that this happens much less than 50% of the time. The 50% usually occurs for the first time I attempt to log in through the F5 on a given day (or after some arbitrarily long period of time). When I log in and attempt to access a protected resource, about 50% of the time I am sent back to the login page. If I reload the URL of the protected resource, I get in fine. This seems to give more evidence towards the idea of a race condition of some sort.

To get an idea of the frequency, I also ran an automated tool which logged in and out 1000 times (with the same user credentials) and could not replicate the issue. However, since I was constantly using the same user in quick succession, I believe the F5 was continually routing to the same server and so it wasn't the most useful test.

No correct solution

OTHER TIPS

Please make sure you're using the same machine key on both machines. For more information on how to configure it, go here.
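
The machine-key point above, shown as a web.config fragment. This is an added example, not part of the original answer. It assumes both servers currently run with auto-generated keys, and the key values are placeholders to be replaced with your own randomly generated hex strings.

```xml
<!-- Before (assumed current state on each server): keys are auto-generated
     per machine, so a forms-auth ticket encrypted by FormsAuthentication.Encrypt
     on one node fails decryption/validation on the other node, and the user is
     sent back to the login page. -->
<configuration>
  <system.web>
    <machineKey validationKey="AutoGenerate,IsolateApps"
                decryptionKey="AutoGenerate,IsolateApps" />
  </system.web>
</configuration>

<!-- After: the identical explicit keys deployed to BOTH servers, so either node
     can decrypt and validate a ticket issued by the other.
     The two values below are placeholders, not real keys. Generate them with a
     cryptographic random source, keep them out of source control, and restrict
     read access to the file (or encrypt the section) on each server. -->
<configuration>
  <system.web>
    <machineKey validationKey="PLACEHOLDER_SHARED_HEX_VALIDATION_KEY"
                decryptionKey="PLACEHOLDER_SHARED_HEX_DECRYPTION_KEY"
                validation="HMACSHA256"
                decryption="AES" />
  </system.web>
</configuration>
```

With shared keys the authentication cookie no longer depends on F5 persistence landing the follow-up request on the node that issued the ticket.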

Licensed under: CC-BY-SA with attribution