.net core 1.0 实现单点登录负载多服务器

 <?xml version="1.0" encoding="utf-8"?>
<key id="cbb8a41a-9ca4-4a79-a1de-d39c4e307d75" version="1">
 <creationDate>2016-07-23T10:09:49.1888876Z</creationDate>
 <activationDate>2016-07-23T10:09:49.1388521Z</activationDate>
 <expirationDate>2116-10-21T10:09:49.1388521Z</expirationDate>
 <descriptor deserializerType="Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.AuthenticatedEncryptorDescriptorDeserializer, Microsoft.AspNetCore.DataProtection, Version=1.1.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60">
 <descriptor>
 <encryption algorithm="AES_256_CBC" />
 <validation algorithm="HMACSHA256" />
 <masterKey p4:requiresEncryption="true" xmlns:p4="http://schemas.asp.net/2015/03/dataProtection">
 <!-- Warning: the key below is in an unencrypted form. -->
 <value>WYgZNh/3dOKRYJ1OAhVqs56pWPMHei15Uj44DPLWbYUiCpNVEBwqDfYAUq/4jBKYrNoUbaRkGY5o/NZ6a2NTwA==</value>
 </masterKey>
 </descriptor>
 </descriptor>
</key>

public class CustomFileXmlRepository : IXmlRepository
 {
 private readonly string filePath = @"C:\keys\key.xml";
 public virtual IReadOnlyCollection<XElement> GetAllElements()
 {
 return GetAllElementsCore().ToList().AsReadOnly();
 }
 private IEnumerable<XElement> GetAllElementsCore()
 {
 yield return XElement.Load(filePath);
 }
 public virtual void StoreElement(XElement element, string friendlyName)
 {
 if (element == null)
 {
 throw new ArgumentNullException(nameof(element));
 }
 StoreElementCore(element, friendlyName);
 }
 private void StoreElementCore(XElement element, string filename)
 {
 }
 }

 public class Startup
 {
 public Startup(IHostingEnvironment env)
 {
 var builder = new ConfigurationBuilder()
 .SetBasePath(env.ContentRootPath)
 .AddJsonFile("appsettings.json", optional: true, reloadOnChange: true)
 .AddJsonFile($"appsettings.{env.EnvironmentName}.json", optional: true)
 .AddEnvironmentVariables();
 Configuration = builder.Build();
 }
 public IConfigurationRoot Configuration { get; }
 // This method gets called by the runtime. Use this method to add services to the container.
 public void ConfigureServices(IServiceCollection services)
 {
 services.AddSingleton<IXmlRepository, CustomFileXmlRepository>();
 services.AddDataProtection(configure =>
 {
 configure.ApplicationDiscriminator = "Htw.Web";
 });
 // Add framework services.
 services.AddMvc();
 }
 // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
 public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
 {
 loggerFactory.AddConsole(Configuration.GetSection("Logging"));
 loggerFactory.AddDebug();
 if (env.IsDevelopment())
 {
 app.UseDeveloperExceptionPage();
 app.UseBrowserLink();
 }
 else
 {
 app.UseExceptionHandler("/Home/Error");
 }
 app.UseStaticFiles();
 app.UseCookieAuthentication(new CookieAuthenticationOptions()
 {
 AuthenticationScheme = CookieAuthenticationDefaults.AuthenticationScheme,
 LoginPath = new PathString("/Account/Unauthorized/"),
 AccessDeniedPath = new PathString("/Account/Forbidden/"),
 AutomaticAuthenticate = true,
 AutomaticChallenge = false,
 CookieHttpOnly = true,
 CookieName = "MyCookie",
 ExpireTimeSpan = TimeSpan.FromHours(2),
#if !DEBUG
 CookieDomain="h.cn",
#endif
 DataProtectionProvider = null
 });
 app.UseMvc(routes =>
 {
 routes.MapRoute(
 name: "default",
 template: "{controller=Home}/{action=Index}/{id?}");
 });
 }
 }

 public async void Login()
 {
 if (!HttpContext.User.Identities.Any(identity => identity.IsAuthenticated))
 {
 var user = new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, "bob") }, CookieAuthenticationDefaults.AuthenticationScheme));
 await HttpContext.Authentication.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, user);
 HttpContext.Response.ContentType = "text/plain";
 await HttpContext.Response.WriteAsync("Hello First timer");
 }
 else
 {
 HttpContext.Response.ContentType = "text/plain";
 await HttpContext.Response.WriteAsync("Hello old timer");
 }
 }