Where is Distributed Cache for Kubernetes/ReplicaSet/Nodejs Sample WebApp For AAD/B2C/OpenIDConnect Authentication?

Siegfried Heintze 1,906 Reputation points
2022-01-24T02:22:24.04+00:00

I just completed learn module: 3-exercise-create-resources and I have a sample nodejs app running in a kubernetes pod talking to a mongoDB... But this sample does not include authorization.

With a very minor enhancement, I have the 2 nodejs web server(s) in a replica set and I can watch the load balancer working with the "kubectl logs -f" command on each pod... Very cool!
I've also worked thru some of the AAD/B2C and AAD/B2B samples that demonstrate authentication with nodejs apps... But those examples are not running on a web farm...

Now I want to enhance this first learn module sample with AAD/B2C authentication and I'm wondering if distributed caching is required?

I read "When Data Protection or caching isn't configured for a web farm environment, intermittent errors occur when requests are processed. This occurs because nodes don't share the same resources and user requests aren't always routed back to the same node.". I assume the term "web farm" refers to the autoscaler feature in App Service or Kubernetes replica sets.

So then I also read that this special caching is a concern with OAuth or OpenIDConnect and there is a link (on the previously mentioned data protection page) to this list of magical distributed caching services for ASP.NET Core programmers (that does not include a cosmosdb option). Well, that is OK for ASP.NET Core/Kestrel webapps, but what about my sample nodejs app? Do nodejs web apps have to have a magical caching service to run properly in a web farm with AAD/B2C/OpenIDConnect like ASP.NET webapps? And what about ASP.NET Core web apps that use cosmosdb instead of redis or Azure SQL?

Now I've also seen the Microsoft AAD samples for Java programmers... What about java programmers using Tomcat or Jetty running inside kubernetes replica sets and using AAD OAuth/OpenIDConnect? How do they call these ASP.NET distributed caching functions?

Thanks

Siegfried


1 answer

  1. Evgeny Grishchenko 486 Reputation points
    2024-01-09T10:27:28.0266667+00:00

    To answer your question "...with AAD/B2C authentication... if distributed caching is required?", I would say it depends. You need a shared store for your sessions, implemented thru cookies. It could be a distributed cache (aka Redis), a file, or a database. So, pick what fits your needs.

    The mentioned Data Protection for .NET "... provides a cryptographic API to protect data, including key management and rotation." The key word here is cryptographic, meaning you need to encrypt and decrypt your session details based on the cookie. Since it could happen on different nodes, Data Protection has different key storage providers in ASP.NET Core: blob storage, Redis, ...

    In the case of a Node implementation, if you look at the cookie-session package, a shared key is used to create a signature for your cookie and verify it. In the case of .NET and Data Protection, each node uses its own key (private?).

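The shared-key point in the answer above, as an added example that is not part of the original thread and is not the cookie-session package's own code: a minimal HMAC-signed session cookie issued by one replica and checked by others, showing that verification succeeds only on pods holding the same key. The names `makeReplica` and `demo`, the pod labels and the session values are assumptions made for illustration.

```javascript
// Added example: signed session cookies across load-balanced replicas.
const crypto = require("node:crypto");

// Model one replica (pod) that signs and verifies cookies with `key`.
function makeReplica(key) {
  const mac = (payload) =>
    crypto.createHmac("sha256", key).update(payload).digest("base64url");
  return {
    // Cookie format (constructed for this example): "<base64url(JSON)>.<mac>"
    issue(session) {
      const payload = Buffer.from(JSON.stringify(session)).toString("base64url");
      return `${payload}.${mac(payload)}`;
    },
    // Returns the session object, or null when the signature does not verify.
    verify(cookie) {
      const dot = cookie.lastIndexOf(".");
      if (dot < 1) return null;
      const payload = cookie.slice(0, dot);
      const given = Buffer.from(cookie.slice(dot + 1), "base64url");
      const expected = Buffer.from(mac(payload), "base64url");
      // Constant-time comparison; lengths must match before timingSafeEqual.
      if (given.length !== expected.length ||
          !crypto.timingSafeEqual(given, expected)) return null;
      return JSON.parse(Buffer.from(payload, "base64url").toString("utf8"));
    },
  };
}

function demo() {
  // Constructed key. Assumption: in a cluster every pod would read the same
  // value from one shared source (for example a mounted secret).
  const sharedKey = crypto.randomBytes(32);
  const podA = makeReplica(sharedKey);
  const podB = makeReplica(sharedKey);
  const podC = makeReplica(crypto.randomBytes(32)); // per-pod key: misconfigured
  const cookie = podA.issue({ sub: "user-123", state: "constructed-sample" });
  // Swap the payload but keep the old signature to model tampering.
  const altered = Buffer.from(JSON.stringify({ sub: "someone-else" }))
    .toString("base64url") + cookie.slice(cookie.lastIndexOf("."));
  return {
    sameKey: podB.verify(cookie),   // request routed to another pod, same key
    otherKey: podC.verify(cookie),  // request routed to a pod with its own key
    tampered: podB.verify(altered), // payload changed after signing
  };
}
```

The `otherKey` case is the intermittent failure quoted in the question: the cookie is valid, but only on the replicas that share the signing key.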
