Enabling High Availability in .Net Web Applications
High Availability is one of the major concerns when we architect or design an application. Making the applications highly available is also so easy with the help of the tools and software available.
Read the Understanding High Availability & How to achieve it? to find what is high availability & things we do need to consider to make apps to be highly available.
When making your web applications highly available, we have to take care of the below things.
- Files (Uploaded Files & Logs)
Files can be moved to a separate file server like S3, Azure Blob Storage, etc. - Session State
Session State can be stored on any databases like SQL, AWS DynamoDB, Redis Database, etc. Storing sessions in Redis is one of the recommended solutions. - IIS Encryption & Decryption
Handling the Authentication ticket, Anti-forgery Tokens using Machine Key Configuration.
Storing session to the application database is not advisable, So if you are storing them on databases choose a different database or server.
Session on Redis
We will use Microsoft.Web.RedisSessionStateProvider for storing the session in the Redis Server, this package will read the session and store the session in any Redis server based on the configuration we provide.
Right-click on the project and then choose Manage NuGet package and add Microsoft.Web.RedisSessionStateProvider.
<add name="MySessionStateStore"host = "127.0.0.1" [String]port = "" [number]accessKey = "" [String]ssl = "false" [true|false]throwOnError = "true" [true|false]retryTimeoutInMilliseconds = "5000" [number]databaseId = "0" [number]applicationName = "" [String]connectionTimeoutInMilliseconds = "5000" [number]operationTimeoutInMilliseconds = "1000" [number]connectionString = "<Valid StackExchange.Redis connection string>" [String]settingsClassName = "<Assembly qualified class name that contains settings method specified below. Which basically return 'connectionString' value>" [String]settingsMethodName = "<Settings method should be defined in settingsClass. It should be public, static, does not take any parameters and should have a return type of 'String', which is basically 'connectionString' value.>" [String]loggingClassName = "<Assembly qualified class name that contains logging method specified below>" [String]loggingMethodName = "<Logging method should be defined in loggingClass. It should be public, static, does not take any parameters and should have a return type of System.IO.TextWriter.>" [String]redisSerializerType = "<Assembly qualified class name that implements Microsoft.Web.Redis.ISerializer>" [String]/>
This element will be added inside the sessionState provider’s section of the Web.config. Please do update the necessary configurations to connect to a Redis server.
Do prefer connectionstring settings over other configurations as we can customize them easily.
<add name="MySessionStateStore" type="Microsoft.Web.Redis.RedisSessionStateProvider" connectionstring="http://rediserver.com:6379, abortConnect=false,ssl=true" accessKey=""/>Please check the Microsoft.Web.RedisSessionStateProvider — Home Page for configuration and other details.
Logs on S3 or Database
For storing the files which are uploaded by the user, We use S3 for them. So we will use the same for the Application Logs, the logs will be written in the S3 Bucket inside a folder.
As we had used log4Net Package for logging, there is a wrapper available for that to write logs on S3 named log4Net.Appender.Aws.
We can use the below configuration on the log4net config file or the Web.config for writing logs to S3.
S3 Appender & ADO.Net Appender Configurations
If you are not comfortable with S3, You can also write your logs on the Databases. The above gist has the configuration of both S3 & ADO.Net File appenders for log4net.
Machine Key Config
IIS automatically generates a cryptography key for each application and stores the key in the HKCU registry hive. Whenever the Form Authentication Ticket or Anti-forgery token is generated IIS uses this stored key to encrypt and decrypt the requests, Not only the above it also encrypts various other things like Membership, Role cookie, etc.
When we host our application into multiple servers each server will have a different key for the applications, Application goes for a Toss when a request authorized by one server becomes unauthorized as they have different keys for the encryption-decryption.
We have to generate those keys manually using the IIS Manager which will be updating the Web.config of the application looks like below.
<configuration>
<system.web>
<machineKey decryption="Algorithm" validation="Algorithm" decryptionKey="Decryption key goes here" validationKey="Validation key goes here" />
</system.web>
</configuration>Check the Setting Up Machine Key in the Reference section to find out how to set Machine Key using the IIS Manager.
