.net Forms身份验证不能用在应用的分布式部署中吗？

参照网上的一些方法，使用Forms身份验证对应用进行分布式部署，发现没有成功。

应用部署的两台内网服务器：192.168.1.19，192.168.1.87，使用Nginx做负载分配，配置完全相同；每台都可以登录运行。

  <system.web>
    <!--配置 ASP.NET 使用的安全身份验证模式，以标识传入的用户。domain=".zt-express.com" -->
    <authentication mode="Forms">
      <forms name=".GDZDAUTHENFORMS" loginUrl="~/Login.aspx" timeout="2880" defaultUrl="~/Main.aspx" path="/" protection="All" />
    </authentication>
    <machineKey validationKey="E804106B394DE7148524A5FB0E7E282F05C3BB98553931F2B3FCDC896473390205326A876AA5490050D795FA181604651878B4285475150437A73F9D705E412A" decryptionKey="9BE9F489677A8285D6A00E902857ABB2986C73534FF2A901" validation="SHA1" />
    <authorization>
      <allow users="*" />
    </authorization>
    <anonymousIdentification enabled="true" cookieName=".GDZDanonymous" />
    <httpRuntime />
    <compilation debug="true" targetFramework="4.0" />
    <pages enableSessionState="true" controlRenderingCompatibilityVersion="4.0" />
    <customErrors mode="Off" />
    <sessionState timeout="3600">
      </sessionState>
  </system.web>

以下时登录成功后的处理

        /// <summary>
        /// 创建一个票据，放在cookie中
        /// 票据中的数据经过加密，解决一下cookie的安全问题。
        /// </summary>
        /// <param name="userInfo">登录用户</param>
        /// <param name="issueDateTime">发布时间</param>
        /// <param name="experation">过期时间</param>
        /// <param name="isPersistent">持久性</param>
        public static void SetCookie(BaseUserInfo userInfo, DateTime? issueDateTime = null, DateTime? experation = null, bool isPersistent = true)
        {
            if (issueDateTime == null)
            {
                issueDateTime = DateTime.Now;
            }
            if (experation == null)
            {
                //设置COOKIE过期时间
                experation = DateTime.Now.AddHours(SystemInfo.UserLoginExperation);
            }
            BaseSystemInfo.UserInfo = userInfo;
            BaseSystemInfo.UserInfo.ServicePassword = BaseSystemInfo.ServicePassword;
            BaseSystemInfo.UserInfo.ServiceUserName = BaseSystemInfo.ServiceUserName;
            BaseSystemInfo.UserInfo.SystemCode = BaseSystemInfo.SystemCode;
            JavaScriptSerializer javaScriptSerializer = new JavaScriptSerializer();
            string userData = javaScriptSerializer.Serialize(BaseSystemInfo.UserInfo);
            //生成验证票据，其中包括用户名、生效时间、过期时间、是否永久保存和用户数据等。
            FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, userInfo.NickName, (DateTime)issueDateTime, (DateTime)experation, isPersistent, userData, FormsAuthentication.FormsCookiePath);
            HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket));
            cookie.Expires = (DateTime)experation;
            HttpResponse response = HttpContext.Current.Response;
            //指定客户端脚本是否可以访问[默认为false]
            cookie.HttpOnly = true;
            //指定统一的Path，比便能通存通取
            cookie.Path = "/";
            response.AppendCookie(cookie);

            //移除一下权限缓存数据 以便重新获取缓存数据
            RemoveRedisCache(userInfo);
        }

以下是验证的代码

            //测试 HttpContext.Current.User.Identity.IsAuthenticated在分布式部署中是否有效
            Response.Write(string.Format("测试 HttpContext.Current.User.Identity.IsAuthenticated在分布式部署中是否有效IsAuthenticated：{0}", HttpContext.Current.User.Identity.IsAuthenticated));
            Response.Write("<br/>cookie输出开始=============================");
            foreach (string cookieName in Request.Cookies)
            {
                var mycookie = Request.Cookies[cookieName];
                if (mycookie != null)
                {
                    Response.Write("<br/>" + cookieName + "中含有" + mycookie.Values.Count + "个Key");
                    if (mycookie.Values.Count > 0)
                    {
                        foreach (string s in mycookie.Values)
                        {
                            Response.Write("<br/> “" + s + "”=" + mycookie[s].ToString() + "；");
                        }
                    }
                }
            }
            Response.Write("<br/>cookie输出完毕=============================");

            Response.Write("<br/>FormsCookieName=" + FormsAuthentication.FormsCookieName);
            HttpCookie authCookie = HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName];
            if (authCookie != null)
            {
                FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(authCookie.Value);
                if (authTicket != null)
                {
                    string userData = authTicket.UserData;
                    JavaScriptSerializer javaScriptSerializer = new JavaScriptSerializer();
                    var userInfo = javaScriptSerializer.Deserialize<BaseUserInfo>(userData);
                    Response.Write("<br/>NickName=" + userInfo.NickName);
                }
                else
                {
                    Response.Write("<br/>authTicket = null");
                }
            }
            else
            {
                Response.Write("<br/>authCookie = null");
            }
            Response.Write("<br/>ClientIpAddress = " + UserInRedis.GetCurrentIpAddress(HttpContext.Current));
            Response.Write("<br/>ServerIpAddress = " + Request.ServerVariables.Get("Local_Addr"));

部署完毕，登录系统后，访问测试页面

 

可以看到当前访问应用被分配到192.168.1.19上了

现在把192.168.1.19的应用停掉，再来访问测试页面

从上面可以看出，访问被分配到192.168.1.87上了，而用于认证的.GDZDAUTHENFORMS cookie没有传过来，其它的cookie传过来了。

这是什么原因呢？同样的域名应该说cookie会传到后台的啊。

参考：http://www.cnblogs.com/fish-li/archive/2012/04/15/2450571.html等文章还是没实现，服务器配置是一样的，按理说，同样的域名，访问时应该把cookie都带过去的啊。

 同样的访问请求，应该说每次都会带cookie的，为何在分布式部署中，指向另外一台机子时，cookie获取不到

 

此问题已发到msdn：https://social.msdn.microsoft.com/Forums/vstudio/zh-CN/f666f1d1-3d9e-4620-babb-1eea9302c0d9/forms?forum=295