我有在两个不同的服务器上运行的相同的asp core 2应用程序,但是使用相同的数据库来存储用户等.
I have the same asp core 2 app running on 2 different servers but using the same database to store users and etc.
问题是,如果我在一台服务器上创建并设置用户密码,则运行同一应用程序的另一台服务器将返回无效密码,反之亦然.
The problem is that if I create and set a user password in one server, the other server running the same app returns invalid password and vice-versa.
几年前,我在使用asp 4应用程序时遇到了这个问题,并通过为两个应用程序设置相同的机器密钥来解决了这个问题.
I had this problem a few years ago with an asp 4 app and I fixed it by setting the same machine key for both apps.
我听说过数据保护API,但是我找不到在哪里告诉它使用相同的加密密钥,而是找到了使我感到困惑的复杂示例,我需要做的就是使两台服务器理解彼此的加密.
I heard about data protection api, but I can't find where to just tell it to use the same encryption key, instead I find complex examples that confuses me and all I need is to make both servers understand each other's encryption.
推荐答案您可以将一台服务器保留为主服务器,将一台服务器保留为辅助服务器.在辅助服务器中,禁用自动密钥生成
You can keep one server as primary and one as secondary. In the secondary server disable auto key generation
public void ConfigureServices(IServiceCollection services) { services.AddDataProtection().DisableAutomaticKeyGeneration(); }或者您可以将其保留给Redis
Or you can persist them to Redis
public void ConfigureServices(IServiceCollection services) { // sad but a giant hack :( // github/StackExchange/StackExchange.Redis/issues/410#issuecomment-220829614 var redisHost = Configuration.GetValue<string>("Redis:Host"); var redisPort = Configuration.GetValue<int>("Redis:Port"); var redisIpAddress = Dns.GetHostEntryAsync(redisHost).Result.AddressList.Last(); var redis = ConnectionMultiplexer.Connect($"{redisIpAddress}:{redisPort}"); services.AddDataProtection().PersistKeysToRedis(redis, "DataProtection-Keys"); services.AddOptions(); // ... }详细的文章可以在同一篇文章中找到
A detailed article is available on the same
www.tugberkugurlu/archive/asp-net-core-authentication-in-a-load-balanced-environment-with-haproxy-and-redis
PS:上面发布的代码来自同一篇文章,因此,如果链接断开,答案仍然是完整的
PS: The code posted above is from the same articles, so that if link goes the down, the answer is still complete
更多推荐
asp.net core 2.0的机器密钥?
发布评论