Load Balancing and Csla Authentication

Old forum URL: forums.lhotka.net/forums/t/5762.aspx


decius posted on Friday, November 07, 2008

In a load balancing scenario, if the client gets sent to a new server on the next postback, is it possible to somehow maintain that Principal authentication when they're transferred to a new server?

We're trying to follow the ProjectTracker Security pretty closely, but I'm worried about how to solve that problem for Load Balancing Scenarios.

Thanks

decius replied on Friday, November 07, 2008

What we're doing at the moment to resolve this possibility is to simply check to see if the user is signed in still on every page.  This seems like a lot of unnecessary data access.  Is there a way to avoid that?

RockfordLhotka replied on Friday, November 07, 2008

The web is a challenging environment due to its very nature. The technology pretends like state doesn't exist, when in reality state does exist. This means we (you in this case) have to come up with your own scheme for dealing with state.

When building a load balanced cluster you cannot maintain state on the web server. So you must either maintain it in a shared state store, or in the data stream flowing to/from the browser (through hidden fields, cookies, etc).

Obviously the data stream flowing to/from the browser runs over the slowest network link, and so you want to minimize what you put there. Typically you wouldn't serialize the principal to/from the browser.

Which means your only option is to put that state in a shared state store in your data center. There are two main approaches here. You can either re-create the state from the real database on each page request, or you can read/write the state to some temporary (but shared) location on each page request.

The first option means hitting your security database on each page request to reload the principal. That's probably pretty easy to implement, and isn't a bad solution if your database isn't overtaxed.

The second option can be done in many different ways. I discuss a few in the Business Objects book, and vendors are always coming up with new ones.

None of this, btw, is a CSLA issue - it is just the nature of the web itself. Any competent web consultant or good web book should provide you with many good options on how to manage state in a load balanced cluster.

(one thing I'll call out is Velocity - a Microsoft caching solution - not out yet, but perhaps worth considering)
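
The shared-store approach described in the reply above, as an added example that is not part of the original thread and is not CSLA or ProjectTracker code. `SharedPrincipalStore`, `WebServer` and the sample user are hypothetical names, and the in-memory dictionary stands in for whatever shared database table or cache the cluster uses.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;
using System.Security.Principal;

// Hypothetical stand-in for the shared store (database table, state service, cache).
class SharedPrincipalStore
{
    record Entry(string Name, string[] Roles, DateTime ExpiresUtc);
    readonly ConcurrentDictionary<string, Entry> _entries = new();
    public string Save(string name, string[] roles, TimeSpan lifetime)
    {
        // Unguessable token: the only value sent to the browser.
        string token = Convert.ToBase64String(RandomNumberGenerator.GetBytes(32));
        _entries[token] = new Entry(name, roles, DateTime.UtcNow + lifetime);
        return token;
    }
    public IPrincipal Load(string token)
    {
        if (token != null && _entries.TryGetValue(token, out var e) && e.ExpiresUtc > DateTime.UtcNow)
            return new GenericPrincipal(new GenericIdentity(e.Name), e.Roles);
        // Unknown, expired or revoked token: unauthenticated principal.
        return new GenericPrincipal(new GenericIdentity(""), Array.Empty<string>());
    }
    public void Revoke(string token) => _entries.TryRemove(token, out _);
}
// Hypothetical web server node; it holds no per-user state of its own.
class WebServer
{
    readonly SharedPrincipalStore _store;
    public WebServer(SharedPrincipalStore store) => _store = store;
    public string HandleRequest(string token)
    {
        IPrincipal user = _store.Load(token); // rebuilt on every request
        return !user.Identity.IsAuthenticated ? "not authenticated"
            : $"{user.Identity.Name}: ProjectManager={user.IsInRole("ProjectManager")}";
    }
    static void Main()
    {
        var store = new SharedPrincipalStore();
        WebServer a = new(store), b = new(store);
        // Constructed sample user; a real login would verify credentials first.
        string token = store.Save("pm", new[] { "ProjectManager" }, TimeSpan.FromMinutes(20));
        Console.WriteLine(a.HandleRequest(token)); // first request lands on node a
        Console.WriteLine(b.HandleRequest(token)); // next request lands on node b
        store.Revoke(token);                       // logout applies to every node
        Console.WriteLine(b.HandleRequest(token));
    }
}
```

Because the roles live only in the shared store, the browser never carries a serialized principal, and revoking the entry signs the user out on every node at once.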

decius replied on Friday, November 07, 2008

Thanks again for the fabulous advice.  I guess I was hoping for a magical Csla soup that solved my problem lol.  I appreciate the valuable info and will start reading more into it, thanks Rocky.

Copyright (c) Marimer LLC