I'm using ASP.NET Identity for authentication and authorization. Since I use Docker in the recommended way (separate containers for building and running), I always get logged out after each deployment. It seems like ASP.NET Core doesn't store the sessions in the database, also because I can't see any table where they are.
How can I fix this so that my users don't get logged out after each deployment?
I think I need to store the sessions in the database, but I couldn't find information on how to do this. I found information about using Redis as a session store. This comes close, but I'm not sure if this also affects the ASP.NET Identity session, or only session stores like TempData. The other problem is that I would like to store the sessions in my MySQL database using the Pomelo.EntityFrameworkCore.MySql provider.
I found out that using memory storage causes issues with the encryption keys, too. In short, ASP.NET Core uses those keys to protect sensitive data like sessions, so they're not stored in plain text. It seems that ASP.NET generates those keys automatically on the first application run.
Because it runs in a Docker container, this results in two big problems:
The encryption key gets lost when the container image is rebuilt. ASP.NET Core generates a new one automatically, but can't decrypt the existing sessions because they were encrypted using a different key.
A container is isolated, so the default memory storage provider for sessions would lose its data after every new deployment.
This could be solved by using a storage which is running on a different server than the webserver, as I suggested. I couldn't find any MySQL implementation for this. Only SQL server, which seems to be MSSQL. I fixed it by installing a Redis server. It's used for session storage and the encryption keys.
To let ASP.NET Core store the encryption keys in Redis, install the Microsoft.AspNetCore.DataProtection.Redis provider and add the following lines to ConfigureServices before AddOptions:
var redis = ConnectionMultiplexer.Connect($"{redisIpAddress}:{redisPort}");
services.AddDataProtection().PersistKeysToRedis(redis, "DataProtection-Keys");
Note that this has only been part of ASP.NET Core since the 1.1.0 release. Because it has dependencies on other packages of the 1.1.0 branch, I'd assume that it's not working on the LTS 1.0 release. In this case, you may need to write a custom implementation which is 1.0 compatible. But I haven't tested this, since I'm using 1.1.0 in my project. More information in this article: http://www.tugberkugurlu.com/archive/asp-net-core-authentication-in-a-load-balanced-environment-with-haproxy-and-redis
In summary, I don't think it's a bad idea to use Redis for this instead of a SQL database, because Redis is optimized for serving key-value pairs very fast. And the base is there to use Redis for caching other parts of the application like (complex) database queries. This can speed up your application and reduce the load on the database server.
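The wiring described in the answer above, as an added example that is not part of the original post: one Startup class that keeps both the Data Protection key ring and the session data in Redis, so a rebuilt container can still decrypt cookies issued by the previous one. It assumes ASP.NET Core 1.1 with the Microsoft.AspNetCore.DataProtection.Redis, Microsoft.Extensions.Caching.Redis and Microsoft.AspNetCore.Session packages; the environment variable names and the application name are hypothetical.

```csharp
using System;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.Extensions.DependencyInjection;
using StackExchange.Redis;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        // Hypothetical variable names, supplied to the container at deploy time.
        var redisHost = Environment.GetEnvironmentVariable("REDIS_HOST") ?? "redis";
        var redisPort = Environment.GetEnvironmentVariable("REDIS_PORT") ?? "6379";
        var redisEndpoint = $"{redisHost}:{redisPort}";

        var redis = ConnectionMultiplexer.Connect(redisEndpoint);

        services.AddDataProtection()
            // Fixed name so every container build resolves the same key ring;
            // the default discriminator is derived from the content root path.
            .SetApplicationName("my-web-app")
            // The key ring is written to this Redis list without encryption at
            // rest, so the Redis instance must not be reachable by other tenants.
            .PersistKeysToRedis(redis, "DataProtection-Keys");

        // Session data (and anything else using IDistributedCache) goes to the
        // same Redis server instead of the container's memory.
        services.AddDistributedRedisCache(options =>
        {
            options.Configuration = redisEndpoint;
            options.InstanceName = "my-web-app:";
        });
        services.AddSession();

        // Existing AddIdentity(...) registration stays as it is.
        services.AddMvc();
    }

    public void Configure(IApplicationBuilder app)
    {
        // Session middleware has to run before MVC so controllers can use it.
        app.UseSession();
        app.UseMvc();
    }
}
```

Whoever can read the `DataProtection-Keys` entry can forge or decrypt the application's protected cookies, so keep Redis on a private network with authentication enabled. If Redis runs without persistence (RDB or AOF), a Redis restart discards the key ring and logs everyone out again.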