We are developing an application (intranet) in MVC 4 where authentication is performed through Windows Authentication.
When the user logs in to the application, a call is made to a service that controls the user's permissions on that module, where all the screens and features that the user can access are retrieved at the moment.
At first, we are storing this user permission information in the session, since whenever an action is performed on the controller we have to validate whether the user actually has permission to perform such a task.
The problem is that now we find that the production server will be configured with Load Balancing (NLB), meaning nothing guarantees that the next user requests will be performed on the same server, which can invalidate the session.There are some settings that can be made in NLB that address this session issue, but what I've been reading is not very recommended because it "breaks" the scalability of the application.
Does anyone know of any other way to store this data or an alternative to this solution?
Thank you!