Is there no way to extend ASP.Net Forms authentication so that sessions can survive iisreset?

I just got pinged on another post because my application does not allow the user to log in after iisreset.

How to solve the AntiForgeryToken exception that occurs after iisreset in my ASP.Net MVC application?

I have to say that I agree with the commentator that this is an artificial limitation.

From what I read about forms authentication, it seems that the information recorded during the session is stored in memory, and when the server is rebooted, you lose this information.

What I would like to do is simply be able to store this information somewhere, ideally in a database, so that I can continue my sessions. I can't seem to find a way to extend it to do this. Am I missing something? Did I misunderstand how this works?

I understand that this is a “free” kit that they give us, but I would prefer not to minimize it myself, because there are many, and I have the potential to ruin my own decision.

Edit: Note that this has nothing to do with session state. As far as I know, I do not use session state at all if something underneath within it uses inside.

I understand that cookies are used by authentication, but they have not expired. However, I still return to the login page after iisreset.

+4
2 answers

It looks like your problem is that the <machineKey /> validationKey and decryptionKey attributes are set to AutoGenerate, which means they change on an IIS reset.

This means that authenticated encrypted cookies will not be valid the next time they are presented.

You can fix this by manually setting fixed validationKey and decryptionKey. To do this, take a look at this article:

How to configure MachineKey in ASP.NET 2.0

Scroll down to the Web Farm Deployment Considerations section and generate cryptographically random keys.

+7
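The fix described in the answer above, as an added example that is not part of the original answer: it checks a web.config for auto-generated machineKey values and writes a replacement element with fixed random keys. The sample config is constructed, the function names are hypothetical, and the HMACSHA256/AES choice assumes ASP.NET 4.0 or later.

```python
import secrets
import xml.etree.ElementTree as ET

# Constructed sample: a web.config that leaves both keys on AutoGenerate.
SAMPLE_WEB_CONFIG = """<configuration>
  <system.web>
    <machineKey validationKey="AutoGenerate,IsolateApps"
                decryptionKey="AutoGenerate,IsolateApps" />
  </system.web>
</configuration>"""

KEY_ATTRS = ("validationKey", "decryptionKey")

def autogenerated_keys(web_config_xml):
    """Return the machineKey attributes that are not pinned to a fixed value.
    A missing <machineKey> or attribute falls back to AutoGenerate."""
    mk = ET.fromstring(web_config_xml).find("system.web/machineKey")
    flagged = []
    for attr in KEY_ATTRS:
        value = mk.get(attr) if mk is not None else None
        if value is None or value.strip().lower().startswith("autogenerate"):
            flagged.append(attr)
    return flagged

def fixed_machine_key():
    """Build <machineKey> with fresh keys from the OS CSPRNG: a 64-byte
    validation key and a 32-byte AES key (assumes ASP.NET 4.0 or later)."""
    return ET.Element("machineKey", {
        "validationKey": secrets.token_hex(64).upper(),
        "decryptionKey": secrets.token_hex(32).upper(),
        "validation": "HMACSHA256",
        "decryption": "AES",
    })

def pin_keys(web_config_xml):
    """Return web.config text with machineKey replaced by fixed keys."""
    root = ET.fromstring(web_config_xml)
    system_web = root.find("system.web")
    if system_web is None:
        system_web = ET.SubElement(root, "system.web")
    old = system_web.find("machineKey")
    if old is not None:
        system_web.remove(old)
    system_web.append(fixed_machine_key())
    return ET.tostring(root, encoding="unicode")

if __name__ == "__main__":
    print("auto-generated:", autogenerated_keys(SAMPLE_WEB_CONFIG))
    print(pin_keys(SAMPLE_WEB_CONFIG))
```

Treat the generated keys as secrets, since anyone who holds them can forge authentication cookies; in a web farm every server needs the same pair.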

The authentication segment and session state (where anti-forgery tokens are tracked) are two completely different things in ASP.NET.

Authentication is monitored by a cookie in the browser (usually), so IIS will not be fixed upon reboot.

By default, session state is stored in memory (where it will be killed upon reboot), but can be easily stored in SQL Server or in a dedicated State Server process (which will support IIS restarts).

+4

Source: https://habr.com/ru/post/1300417/

