ASP.NET Forms Authentication on Load Balanced Servers

Question

Are there any possible issues with using the default Forms Authentication (see below) on Load Balanced servers? If there can be, what can I do to prevent the issues.

<

Answer 1

There is one issue. The cookies are encrypted and validated using the machine key and the validation key (that's what protection="All" means). You will have to set those in your top-level web.config in all the servers, otherwise each of them will have a different one and will reject cookies set by the others.

You can find a machineKey generator here. Then put the generated xml inside in the web.config of all the servers and you're ready to rock.