Staying Logged in across Azure App Service Swap


I love being able to deploy to slots with Azure Standard and above App Services. These allow me a main production site, a slot for testing which has a separate database, and a staging slot that shares a database with production.

The Problem

Whenever I swap the production and stage sites, all the users of the production site get logged out. This is because the token encryption keys are independent for the production and staging slots. This means that the tokens for production are invalid when stage becomes production, thus effectively logging the user out. It does seem that Microsoft would provide a simpler solution for this, but I couldn’t find one.

The Solution

After much digging I was able to patch together several articles and come up with what I thought was a reasonable solution.

I needed a way to keep the same encryption keys across both the staging and production slots. Enter Azure Blob Storage. By setting up a storage location in Azure, I could keep the same key for both environments. And thanks to the highly configurable and dependency injected ASP.NET Core, I was able to configure Data Protection with the new storage location.

The resulting code is as follows

The first section just reads configuration variables from the configuration provider. This could use Azure environment variables. If the variables exist, the blob storage URI is used to connect. Once connected with the client, a check is done to open the container if it exists or create it if it doesn’t. Finally, the DataProtection service is added with the container and blob name. It was very nice that ASP.NET Core had a built-in ability to use blob storage for this very case.
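The steps described above, written out as an added example that is not the author's code. It assumes the `Azure.Extensions.AspNetCore.DataProtection.Blobs`, `Azure.Storage.Blobs` and `Azure.Identity` packages, an app identity with blob read/write access to the storage account, and hypothetical setting names under `DataProtection:`; the method name `AddSharedDataProtection` is also made up for illustration.

```csharp
// Added example, not the author's code. Setting names below are hypothetical.
// Sample appsettings.json fragment (placeholders, same values in both slots):
//   "DataProtection": {
//     "ContainerUri": "https://<account>.blob.core.windows.net/<container>",
//     "BlobName": "keys.xml",
//     "ApplicationName": "my-site"
//   }
using System;
using Azure.Identity;
using Azure.Storage.Blobs;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

public static class SharedKeyRingExtensions
{
    public static IServiceCollection AddSharedDataProtection(
        this IServiceCollection services, IConfiguration config)
    {
        // 1. Read settings from the configuration provider (JSON file or App Service settings).
        var containerUri = config["DataProtection:ContainerUri"];
        var blobName = config["DataProtection:BlobName"];
        var appName = config["DataProtection:ApplicationName"];

        // 2. Without the settings, keep the default per-instance key ring (local development).
        if (string.IsNullOrWhiteSpace(containerUri) || string.IsNullOrWhiteSpace(blobName))
        {
            services.AddDataProtection();
            return services;
        }

        // 3. Connect with the app's own identity and open or create the container.
        var container = new BlobContainerClient(new Uri(containerUri), new DefaultAzureCredential());
        container.CreateIfNotExists();

        // 4. Point Data Protection at one blob that both slots read and write.
        var builder = services.AddDataProtection()
            .PersistKeysToAzureBlobStorage(container.GetBlobClient(blobName));

        // 5. Pin the application name so both slots use the same isolation value.
        if (!string.IsNullOrWhiteSpace(appName))
        {
            builder.SetApplicationName(appName);
        }
        return services;
    }
}
```

Both slots must resolve these settings to the same container and blob, otherwise each slot still ends up with its own key ring. The key ring is written to the blob without an additional encryption layer unless a key protector (one of the `ProtectKeysWith*` options) is configured, so access to the container should be limited to the app's identity.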

I also wanted to include a sample configuration, in this case in an appsettings.json format. This will give some idea of what the various settings should look like.

 
