问题
You've probably solved this before.
I need to be able to use open id in an environment that does not have session stickiness. The servers do preserve the headers.
I'm using ASP.NET MVC and dotNetOpenId version 3.2.0.9177. Although the authentication on the 3rd party web site goes without a hitch when returning the response I get an error and authentication fails.
Any thoughts?
回答1:
Stateful
The most optimized method is to write a custom persistence store that implements IRelyingPartyApplicationStore for the "secrets" that OpenID RPs require, and pass your instance to the OpenIdRelyingParty(IRelyingPartyApplicationStore) constructor, or register it in your web.config file.
Stateless
A much easier solution that will suffice for most scenarios is to use stateless mode instead, so that no state needs to be shared across your web farm's servers.
You can activate stateless mode by instantiating OpenIdRelyingParty passing null in as your application store instance. Calling the default constructor will cause DNOA to use its in-memory store, which breaks on server farms, so the default constructor is insufficient.
Or if you're using the ASP.NET controls, just set Stateless = true on the control.
回答2:
Here's how we're enabling stateless mode:
var uri = new Uri(Request.Url, Request.RawUrl);
var openid = new OpenIdRelyingParty(null, uri,
Request.HttpMethod == "GET" ? Request.QueryString : Request.Form);
Seems to work so far, though per Andrew there's a small performance hit. Not sure that matters since login is a fairly rare activity.
回答3:
Using DotNetOpenID, you should be able to persist the state you need during authentication to the client via a cookie.
Edit: I don't have any example code for this because I've never had to use DotNetOpenID in a session-less environment, but I would check out this link, it may provide the information you need: http://code.google.com/p/dotnetopenid/wiki/WebFarmHowto
来源:https://stackoverflow.com/questions/1379156/how-to-configure-dotnetopenid-in-an-session-less-load-balancing-environment