I am looking at the new bits of ASP.NET MVC 5 authentication, and noticed that everything now is a ClaimsIdentity. I was wondering where those values are stored:
Session, Cache, or in the Cookie itself.
If it is stored in the cookie, then there is an obvious limit to the # of claims you can store before exceeding the size limit of cookies.
ClaimsIdentity itself does not have a storage mechanism. But if you use the OWIN cookie middleware, yes it is stored in a cookie. And yes - there is a limit.
As mentioned above, the Claims from various sources can be persisted between sessions via a cookie created during the authentication process by default with OWIN. This is configured usually in \App_Start\Startup.Auth.cs. You can set things like when the cookie expires, whether you want a sliding expiration (cookie timeout is updated on return visits), where your authentication/authorization endpoint is, etc. The latter part allows you to hook into providing additional Claims during the ClaimsPrincipal and ClaimsIdentity creation process. With a decent expiration, you only have to do this once for the user's session. On subsequent trips back to your site, the OWIN middleware will parse the cookie and recreate all the claims from this step.
You shouldn't need to worry about cookie size and the new OWIN auth middleware implements cookie chunking (it's currently available from the pre-release sources - stable version does not chunk).
We've implemented this in our enterprise and we have several Claims sources: our internal single sign-on service, Active Directory, and our own application's database (for roles and additional properties about the user we care to track).
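The cookie settings described in the answers above, as an added example that is not code from the original posts: a Startup.Auth.cs that sets expiration, sliding expiration and the login endpoint, and adds extra claims once at sign-in so they are serialized into the protected cookie. The /Account/Login route, the 8-hour lifetime, the HttpOnly/Secure flags and the LookupRoles helper with its sample data are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;
using Microsoft.AspNet.Identity;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Owin;

public partial class Startup
{
    // Constructed sample data standing in for a real claims source
    // (application database, directory service, ...).
    private static readonly Dictionary<string, string[]> SampleRoles =
        new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase)
        {
            { "alice", new[] { "Admin", "Reader" } },
            { "bob",   new[] { "Reader" } }
        };

    public void ConfigureAuth(IAppBuilder app)
    {
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Account/Login"), // assumed route
            ExpireTimeSpan = TimeSpan.FromHours(8),       // assumed lifetime
            SlidingExpiration = true,   // lifetime is renewed on return visits
            CookieHttpOnly = true,      // keep the ticket away from page script
            CookieSecure = CookieSecureOption.Always, // send over HTTPS only
            Provider = new CookieAuthenticationProvider
            {
                // Runs once per sign-in, before the identity is written to the
                // cookie; later requests rebuild these claims from the cookie.
                OnResponseSignIn = context =>
                {
                    foreach (var role in LookupRoles(context.Identity.Name))
                        context.Identity.AddClaim(new Claim(ClaimTypes.Role, role));
                }
            }
        });
    }

    // Hypothetical helper: returns the roles to add for a user name.
    private static string[] LookupRoles(string userName)
    {
        string[] roles;
        return userName != null && SampleRoles.TryGetValue(userName, out roles)
            ? roles : new string[0];
    }
}
```

Every claim added here travels in the cookie on each request, so keep the set small; because claims are read back from the cookie, a role change only takes effect when the user signs in again or the identity is re-validated.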