MVC - Store user permissions on session using NLB - Network Load Balancing

Question

MVC - Store user permissions on session using NLB - Network Load Balancing

Navigation

#1 by (0 votes)

1

We are developing an application (intranet) in MVC 4 where authentication is performed through Windows Authentication.

When the user logs in to the application, a call is made to a service that controls the user's permissions on that module, where all the screens and features that the user can access are retrieved at the moment.

At first, we are storing this user permission information in the session, since whenever an action is performed on the controller we have to validate whether the user actually has permission to perform such a task.

The problem is that now we find that the production server will be configured with Load Balancing (NLB), meaning nothing guarantees that the next user requests will be performed on the same server, which can invalidate the session.

There are some settings that can be made in NLB that address this session issue, but what I've been reading is not very recommended because it "breaks" the scalability of the application.

Does anyone know of any other way to store this data or an alternative to this solution?

Thank you!

c# asp.net-mvc

asked by anonymous 25.07.2016 / 21:55

1 answer

problem in storing characters with accents Problem in program executable created in c

score 0 · Answer 1

If you really need to use sessions to preserve user permissions, you can use a StateServer or a SQLServer . The application configuration is done as follows:

StateServer

<configuration>
  ...
  <system.web>
    ...
    <sessionState mode="StateServer"
      stateConnectionString="tcpip=Teste:42424"
      cookieless="false"
      timeout="20"/>
    ...
  </system.web>
  ...
</configuration>

SQLServer

<configuration>
  ...
  <system.web>
    ...
    <sessionState mode="SQLServer"
      sqlConnectionString="Integrated Security=SSPI;data 
        source=TesteSqlServer;" />
    ...
  </system.web>
  ...
</configuration>

The steps for configuring a StateServer are here .

If you do not need to use sessions, an authorization attribute can be a great alternative.