Asp.net Core 2 Identity Login session lost on Service Fabric Cluster multi machine

Asp.net Core 2 app hosted on Service Fabric, with 1 node type of 5 Virtual machines in a Virtual Machine Scale Set.

In local all works perfectly, but when the app is live, after the login, while browsing the pages (where the authentication is required) asks again for the login, multiple times losing the authentication session. It stops for a while after 4 or 5 logins. Also the "remember me feature" does not work and the session last for like 10 minutes.

I think this has something to do with the app being hosted on multiple machines, it's like any single machine requires it's own login.

I did hours of researches, changing the cookie settings, using the SameSiteMode.None and Sliding expiration but couldn't figure it out, I suspect all the machines in the farm must have the same machine key for decrypting the authentication cookie. Do I have to set a single Machine Key to make this work? How do I do that?

This is my config code in startup:

 services.Configure<IdentityOptions>(options =>
        {
            // Password settings
            options.Password.RequireDigit = true;
            options.Password.RequiredLength = 8;
            options.Password.RequireNonAlphanumeric = true;
            options.Password.RequireUppercase = true;
            options.Password.RequireLowercase = false;
            options.Password.RequiredUniqueChars = 4;

            // Lockout settings
            options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(30);
            options.Lockout.MaxFailedAccessAttempts = 15;
            options.Lockout.AllowedForNewUsers = true;

            options.SignIn.RequireConfirmedEmail = true;
            options.SignIn.RequireConfirmedPhoneNumber = false;

            // User settings
            options.User.RequireUniqueEmail = true;
        });

        services.ConfigureApplicationCookie(options =>
        {
            // Cookie settings
            options.Cookie.Name = "LoginCookie";
            options.Cookie.SameSite = SameSiteMode.None;
            options.Cookie.HttpOnly = true;
            options.ExpireTimeSpan = TimeSpan.FromHours(12);
            options.LoginPath = "/Console/Account/Login";
            options.LogoutPath = "/Console/Account/Logout";
            options.AccessDeniedPath = "/Console/Account/AccessDenied";
            options.SlidingExpiration = true;
        });

I've analogical issue ASP.NET Core 2 mvc with identity.app hosted on shared hosting.User lost identity unexpected. Locally it works very fine. Here is my Startup:

public void ConfigureServices(IServiceCollection services)
    {
        services.AddDbContext<GanDrorIdentityDb>(options =>
            options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection"), b => b.MigrationsAssembly("GanDror")));

        services.AddIdentity<ApplicationUser, ApplicationRole>()
            .AddEntityFrameworkStores<GanDrorIdentityDb>()
            .AddDefaultTokenProviders();



        services.Configure<SMPTConfig>(Configuration.GetSection("SMTPConfigSection"));
        // Configure Identity
        services.Configure<IdentityOptions>(identityOptions =>
        {

            // Password settings
            identityOptions.Password.RequireDigit = true;
            identityOptions.Password.RequiredLength = 6;
            identityOptions.Password.RequireNonAlphanumeric = false;
            identityOptions.Password.RequireUppercase = false;
            identityOptions.Password.RequireLowercase = false;

            //    // Lockout settings
            identityOptions.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(30);
            identityOptions.Lockout.MaxFailedAccessAttempts = 10;

            // User settings
            identityOptions.User.RequireUniqueEmail = true;

        });



        // Cookie settings
        services.ConfigureApplicationCookie(options =>
            {
                options.Cookie.SameSite = SameSiteMode.Strict;
                // Cookie settings
                options.Cookie.HttpOnly = true;
                options.ExpireTimeSpan = TimeSpan.FromDays(100);
                options.LoginPath = new PathString("/Account/Login");
                options.LogoutPath = new PathString("/Account/LogOut");
                .options.AccessDeniedPath = "/Account/AccessDenied";
                options.SlidingExpiration = true;
                options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
                options.ReturnUrlParameter = CookieAuthenticationDefaults.ReturnUrlParameter;
            });

        //var environment = services.BuildServiceProvider().GetRequiredService<IHostingEnvironment>();


        //services.AddDataProtection()
        //        .SetApplicationName($"my-app-{environment.EnvironmentName}")
        //        .PersistKeysToFileSystem(new System.IO.DirectoryInfo($@"{environment.ContentRootPath}\keys"));

        //  services.AddDataProtection();
        services.AddMvc();

        services.Configure<MvcOptions>(options =>
        {
            options.Filters.Add(new RequireHttpsAttribute());
        });

        // Add application services.
        services.AddScoped<IRepository<User>, UserRepository>();
        services.AddScoped<IRepository<Photo>, PhotoRepository>();
        services.AddScoped<IRepository<GanActivity>, ActivityRepository>();
        services.AddScoped<IRepository<CategoryActivity>, CategoryRepository>();
        services.AddSingleton<IEmailSender, EmailSender>();

    }

    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
    public  void Configure(IApplicationBuilder app, IHostingEnvironment env,IServiceProvider serviceProvider, ILoggerFactory loggerFactory)// RoleManager<ApplicationRole> roleManager, UserManager<ApplicationUser> userManager)
    {
       // loggerFactory.AddConsole(Configuration.GetSection("Logging"));
        //loggerFactory.AddDebug();

        if (env.IsDevelopment())


            {
            app.UseBrowserLink();
            app.UseDeveloperExceptionPage();
            app.UseDatabaseErrorPage();
        }
        else
        {
            app.UseExceptionHandler("/Home/Error");
        }

        var options = new RewriteOptions()
  .AddRedirectToHttps();

        app.UseRewriter(options);
        app.UseStaticFiles();

        app.UseAuthentication();

        app.UseMvcWithDefaultRoute();
        //app.UseMvc(routes =>
        //{
        //    routes.MapRoute(
        //        name: "default",
        //        template: "{controller=Home}/{action=Index}/{id?}");
        //});

        CreateRoles(serviceProvider).Wait();
    }

Windows Authentication in Service Fabric and ASP.NET Core 2.0 , Asp.net Core 2 Identity Login session lost on Service Fabric Cluster multi machine. programming microsoft azure service fabric pdf free download stackoverflow  Tutorial: Monitor and diagnose an ASP.NET Core application on Service Fabric using Application Insights. 07/10/2019; 10 minutes to read +10; In this article. This tutorial is part five of a series. It goes through the steps to set up monitoring and diagnostics for an ASP.NET Core application running on a Service Fabric cluster using Application

In your Azure load balancer configuration: Ensure that "Client IP and protocol" is set als session persistence in the rules for your endpoints (ssl and non ssl)

ASP.NET core Windows Authentication, Service Fabric vs no , Recently, I worked on a Service Fabric solution for a customer, where my team had ASP.NET Core 2.0 Support: the Microsoft.ServiceFabric.AspNetCore. local machine through the Web Platform Installer, and the cluster is started with the 2. Create a Service Fabric application, name it MyApplication. Recently, I worked on a Service Fabric solution for a customer, where my team had to configure secure communication capabilities to existing reliable (stateless) services, built on top of the ASP.NET Core 2.0 framework. This article will highlight key aspects and describe a way to properly con

I suggest to have a look on settings that are different between the ServiceFabric env and the local one.

I had similar issue which I spent hours to understand. Finally it was a ValidIssuer property that was set from a setting file (Settings.xml as a default values and ApplicationManifest.xml which is loaded only on ServiceFabric env). The default value in Settings.xml was correct but the ApplicationManifest.xml value was wrong, thus validation failed and HttpContext.User was set to anonymous unauthenticated WindowsPrincipal.

[PDF] Programming Microsoft Azure Service Fabric, Identity.IsAuthenticated is true. I then create a Service Fabric project, with a stateless ASP.NET Core service with Windows Authentication. If I  Session State in ASP.NET Core. As I stated above, if you're using ASP.NET Core 2.0 or earlier, you won't see this problem. I'll demonstrate the old "expected" behaviour using an ASP.NET Core 2.0, to show how people experiencing the issue typically expect session state to behave.

ASP.NET, Provisioning a Service Fabric cluster on Azure . Latest version of Azure SDK (2 .8 or above, install via Web PI) . including some of the largest virtual machines in the cloud, large-scale workloads still can exceed this section, you create a new application with an ASP . NET Core 1 .0 is an entirely new web application​. Session state is an ASP.NET Core scenario for storage of user data while the user browses a web app. Session state uses a store maintained by the app to persist data across requests from a client. The session data is backed by a cache and considered ephemeral data—the site should continue to function without the session data. Critical

Making Sense of the Metadata: Clustering 4,000 Stack Overflow tags , ASP.NET - Free source code and tutorials for Software developers and Architects​.; ASP.NET Core - Part 2 How to develop multi-platform and connected apps and deploy on Azure Create a permanent login session using customized cookie NET Identity 2.0 Roles and Implementation of Role Based Authorization​  Title: 0038 - ASP.NET MVC Core app with cookie authentication hosted in Service Fabric This video describes the basics of enabling cookie authentication in our ASP.NET MVC Core application. We go

[PDF] Azure Security Documentation, 'machine-learning' shows a relation to 'python', but not the other way around. in​: How are google , amazon , and azure represented in each cluster? google: google-maps-android-api-2, google-play-services, google-fabric, clr, type-​inference, asp.net-core-signalr, asp.net-core-identity, app-config,  Deploy your ASP.NET Core app to Azure Service Fabric 10 July 2017 Comments Posted in Azure, Service Fabric, ASP.NET Core. Service Fabric is Azure's highly scalable, multi-node, always-on solution that's designed to make deployment and running of distributed micro-services (and not only) a breeze.

Comments