Geek Answers Handbook

Machine key in asp.net core 2.0?

I have the same asp.net core 2 application running on two different servers but using the same database to store users, etc.

The problem is that if I create and set a user password on one server, another server that runs the same application returns an incorrect password and vice versa.

I had this problem a few years ago with an asp.net 4 application, and I fixed it by installing the same machine key for both applications.

I heard about api data protection, but I can’t find where to just say that I use the same encryption key, instead I find complex examples that confuse me, and all I need to do is make both servers understand each other in encryption.

+8
source share
1 answer

You can save one server as primary and the second as secondary. On the secondary server, disable automatic key generation

public void ConfigureServices(IServiceCollection services) { services.AddDataProtection().DisableAutomaticKeyGeneration(); }

Or you can save them in Redis

 public void ConfigureServices(IServiceCollection services) { // sad but a giant hack :( // https://github.com/StackExchange/StackExchange.Redis/issues/410#issuecomment-220829614 var redisHost = Configuration.GetValue<string>("Redis:Host"); var redisPort = Configuration.GetValue<int>("Redis:Port"); var redisIpAddress = Dns.GetHostEntryAsync(redisHost).Result.AddressList.Last(); var redis = ConnectionMultiplexer.Connect($"{redisIpAddress}:{redisPort}"); services.AddDataProtection().PersistKeysToRedis(redis, "DataProtection-Keys"); services.AddOptions(); // ... }

A detailed article is available at the same

http://www.tugberkugurlu.com/archive/asp-net-core-authentication-in-a-load-balanced-environment-with-haproxy-and-redis

PS: the code above applies to the same articles, so if the link goes down, the answer is still complete

+2
source share

More articles:


All Articles