ASP.NET 5 Identity 3.0 scalability with CookieAuth

2019-08-14 15:58发布

I'm using ASP.NET 5 with MVC6. I am working with Identity 3.0, but I need to know how to make it works with many webservers.

Is possible to store the session in other place? Database? In MVC5 you did that in the web.config, but I don't found information about it in MVC6.

This is my code in Startup.cs

app.UseCookieAuthentication(options =>
            {
                options.AutomaticAuthenticate = true;
                options.LoginPath = new PathString("/Account/Login");
                options.AutomaticChallenge = true;
            });

Thanks!!

1条回答
三岁会撩人
2楼-- · 2019-08-14 16:43

By default, authentication tickets stored in cookies are self-contained: knowing the encryption key is enough to retrieve the original ticket (there's no store or database involved in this process).

To make sure your authentication cookies are readable by all your servers, you need to synchronize the key ring they use to encrypt and decrypt authentication tickets. This can be done using an UNC share, as mentioned by the documentation: http://docs.asp.net/en/latest/security/data-protection/configuration/overview.html.

public void ConfigureServices(IServiceCollection services) {
    services.AddDataProtection();

    services.ConfigureDataProtection(options => {
        options.PersistKeysToFileSystem(new DirectoryInfo(@"\\server\share\directory\"));
    });
}

Alternatively, you could also provide your own TicketDataFormat to override the serialization/encryption logic, but it's definitely not the recommended approach.

查看更多
登录 后发表回答