With ASP.NET Forms Authentication, its possible to setup all the servers in a webfarm to share the same machine key for encryption of authentication tickets, meaning if you can get by without requiring session state in your application scale out to a web farm is easy.
i.e., http://www.iambacon.co.uk/blog/getting-asp-net-authentication-to-work-on-a-web-farm
Is there a method to do accomplish this disconnected setup using ServiceStack Authentication, or does implementation require a shared session state to be persisted somewhere accessible by all web servers? I'm assuming shared state is required, but if there's a way around it, would interested to learn more... (we load-balance globally, so shared state is a bit more of a challenge)
ServiceStack Sessions are essentially the User Session DTO's serialized in the registered Caching providers. All Caching providers except for MemoryCacheClient
persists to a distributed data store so they're naturally load balanced by just using the same configuration.
The Auth Providers that implement IAuthWithRequest
can authenticate on-the-fly and access protected services without prior authentication, namely:
But overall this would be worse performance since it has to authenticate on each request instead of a single cache hit to access the users session.