问题
Are there any possible issues with using the default Forms Authentication (see below) on Load Balanced servers? If there can be, what can I do to prevent the issues.
<authentication mode="Forms">
<forms loginUrl="~/Login/" protection="All" timeout="30" />
</authentication>
Can I use cookies (used by default)? Do I have to go cookieless? etc...
Also, does Microsoft (or VMWare) have a VirtualPC download that is an instant Load Balanced testing environment?
回答1:
There is one issue. The cookies are encrypted and validated using the machine key and the validation key (that's what protection="All" means). You will have to set those in your top-level web.config in all the servers, otherwise each of them will have a different one and will reject cookies set by the others.
You can find a machineKey generator here. Then put the generated xml inside in the web.config of all the servers and you're ready to rock.
来源:https://stackoverflow.com/questions/1710489/asp-net-forms-authentication-on-load-balanced-servers