stackoom
  简体   繁体   中英

Configure IIS to Allow Multiple Users Simultaneous Access

 原文  2012-03-07 00:50:42       asp.net/ session/ iis/ authentication/ web

Question

I have an ASP.NET website on a WinServer2k8 machine, which is protetced through Forms Authentication. At the moment, if one person logs in on Machine A, all login attempts on Machine B will fail (A & B are using the same internet connection to access the server). The login request doesn't return any errors, rather it simply redirects back to a login screen as though the authentication never happened. I would like to know how to configure this site either through IIS7 or a web.config file so that it will allow any number of simultaneous user sessions. All of the settings for the website are set to the IIS7 defaults. I've tried changing session-state modes, the Maximum sessions property, and the Forms Authentication settings in IIS7.

Any help is appreciated.

PS - I have also tested machines that are using a different IP Address for their internet connection and I am still unable to start a simultaneous session from that end as well.

PPS - If I attempt to start a session from a web browser on the server machine itself, it will work every time, regardless of who is logged in. Thoughts?

EDIT - I'm using Windows session credentials for authentication - the method used by the webpage back-end is LogonUser, which is imported from advapi32.dll

2 answers

solution1
 0  2012-03-07 02:33:17

If you learn more about forms authentication details, you know that IIS/ASP.NET uses a cookie to identify whether a user has been authenticated. For load balancing scenarios, you need to enable ASP.NET session, and use out of process session mode (SQL Server mode recommended).

Only in that way, a user's session is valid across machines, and he/she can access all boxes after authenticated on one of them,

The last bit you need to pay attention to is the machine keys. For all boxes, they must use the same machine key to encrypt the session info. Otherwise, if the user is authenticated on one box, another box cannot decrypt the info.

http://msdn.microsoft.com/en-us/library/ff649308.aspx

solution2
 0 ACCPTED  2012-03-07 23:33:57

I discovered the source of my problem, and as it turns out, there was nothing wrong with the way I was using Forms Authentication.

The error, as it turns out was a timeout value for the authentication request that was too low for any machine to beat except for the very server that hosts the website. I modified the timeout value for the Forms tag in the web.config file from 5 to 5000 and that did the trick.

So what appeared to be a problem of the server mishandling sessions was actually just the inability of other machines to complete an authentication request in time. Thanks for your help anyway.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question block access to files for users but allow access for admins asp.net IIS C# Allow all users from active directory access website on IIS using windows authentication How to Configure IIS to allow AngularJS to route to HTML Configure IIS Express to allow requests with public ip How can I allow multiple domains by using "Access-Control-Allow-Origin" in IIS 8 IIS 6 Allow anonymous access by default Multiple simultaneous user access with same credentials Create an IIS7 user and allow access to directory? IIS simultaneous requests limit Access-Control-Allow-Origin is in IIS, but not working
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM