Staying Logged in across Azure App Service Swap


I love being able to deploy to slots with Azure Standard and above App Services. These allow me a main production site, a slot for testing which has a separate database, and a staging slot that shares a database with production.

The Problem

Whenever I swap the production and stage sites, all the users of the production site get logged out. This is because the token encryption keys are independent for the production and staging slots. The tokens issued by production are therefore invalid once stage becomes production, which effectively logs the users out. It does seem that Microsoft would provide a simpler solution for this, but I couldn’t find one.

The Solution

After much digging I was able to patch together several articles and come up with what I thought was a reasonable solution.

I needed a way to keep the same encryption keys across both the staging and production slots. Enter Azure Blob Storage. By setting up a storage location in Azure, I could keep the same key for both environments. And thanks to the highly configurable, dependency-injected ASP.NET Core, I was able to configure Data Protection with the new storage location.

The resulting code is as follows

The first section just reads configuration variables from the configuration provider. This could use Azure environment variables. If the variables exist, the blob storage URI is used to connect. Once connected with the client, a check is done to open the container if it exists or create it if it doesn’t. Finally, the DataProtection service is added with the container and blob name. It was very nice that ASP.NET Core had a built-in ability to use blob storage for this very case.

I also wanted to include a sample configuration, in this case in an appsettings.json format. This will give some idea of what the various settings should look like.
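The steps described above, together with the settings they read, as an added example (not the post's original listing). It assumes the current Azure.Storage.Blobs and Azure.Extensions.AspNetCore.DataProtection.Blobs packages and a managed identity for the App Service; the configuration key names, the `AddSharedKeyRing` helper and the `my-app` fallback are hypothetical.

```csharp
using System;
using Azure.Identity;
using Azure.Storage.Blobs;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

// Assumed appsettings.json shape (hypothetical key names, constructed values):
// "DataProtection": {
//   "ContainerUri": "https://<account>.blob.core.windows.net/dataprotection",
//   "BlobName": "keys.xml",
//   "ApplicationName": "my-app"
// }
public static class SharedKeyRingExtensions
{
    public static IServiceCollection AddSharedKeyRing(
        this IServiceCollection services, IConfiguration config)
    {
        var containerUri = config["DataProtection:ContainerUri"];
        var blobName = config["DataProtection:BlobName"];

        // Without the settings (for example on a developer machine),
        // fall back to the default, machine-local key storage.
        if (string.IsNullOrWhiteSpace(containerUri) || string.IsNullOrWhiteSpace(blobName))
        {
            services.AddDataProtection();
            return services;
        }

        // Assumption: the App Service identity holds a blob data role on the
        // storage account, so no account key or SAS sits in configuration.
        var container = new BlobContainerClient(
            new Uri(containerUri), new DefaultAzureCredential());

        // Open the container if it exists, create it (private) if it does not.
        container.CreateIfNotExists();

        // Both slots must share the key ring blob AND the application name,
        // otherwise one slot still rejects tokens protected by the other.
        services.AddDataProtection()
            .SetApplicationName(config["DataProtection:ApplicationName"] ?? "my-app")
            .PersistKeysToAzureBlobStorage(container.GetBlobClient(blobName));

        return services;
    }
}
```

Call it from startup as `services.AddSharedKeyRing(Configuration)`, and give both slots identical values for these settings so they resolve to the same blob.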


2 responses to “Staying Logged in across Azure App Service Swap”

  1. Sergi,
    Thanks for the comment. Here are a few things to try…
    1. Make sure the user has permission to create.
    2. You also might want to try to create it yourself to see if that helps things.
    3. Make sure you aren’t swallowing any exception during startup.
    4. Step through the code and see what is coming back in your container variable.
    5. Make sure you aren’t pointing to an unexpected spot and just missing the one that is actually getting created.
    Hope that helps,
    Grant

  2. Hi Grant,

    Thanks a lot for this post, I’m running into this problem now for a client and it’s wreaking havoc.

    I’ve implemented your proposed solution, and the container is created nicely…. I don’t see any blobs being created however.
    What should I expect to see? Is there a way to know for a fact that it’s working?

    Thanks again!

    Sergi
