The application uses OAuth2 flowO365 to log into user accounts and to store the returned access tokens in a session variable. The following code is used to store tokens:
var authResult = await authContext.AcquireTokenByAuthorizationCodeAsync(
Request.Query["code"],
loginRedirectUri,
new ClientCredential(ConfigSettings.ClientId, ConfigSettings.ClientSecret),
ConfigSettings.O365UnifiedAPIResource);
var authResultEWS = await authContext.AcquireTokenByAuthorizationCodeAsync(
Request.Query["code"],
loginRedirectUri,
new ClientCredential(ConfigSettings.ClientId, ConfigSettings.ClientSecret),
ConfigSettings.EWSAPIResource);
HttpContext.Session.SetString(SessionKeys.Login.AccessToken, authResult.AccessToken);
HttpContext.Session.SetString(SessionKeys.Login.EWSAccessToken, authResultEWS.AccessToken);
And here is how we get tokens in our controllers again:
private string GetSessionValue(string key)
{
byte[] buffer = new byte[2048];
HttpContext.Session.TryGetValue(key, out buffer);
return System.Text.Encoding.UTF8.GetString(buffer);
}
This soluton runs on a local cluster of 5 nodes, but after publishing to the Azure 3 node cluster Session, it does not seem to work.
I used remote debugging and access tokens are correctly added, but as soon as I call GetSessionValueit HttpContext.Sessioncontains 0.
To use HttpContext.Sessionis a bad idea for distributed architectures such as SF, what would be a good replacement solution?