I just upgraded some of my applications to ASP.NET MVC 5. I've been using ASP.NET Membership for ages and was exploring the possibility of switching to ASP.NET Identity.
I'm building a little test application and I've got authentication working (against active directory and a custom SQL Server schema depending on the user) and even authorization by adding role claims to the ClaimsIdentity
before signing the user in (apparently the out of the box Authorize
attribute will actually go against any claim information provided).
It's cool that the claims are stored in the authentication cookie by default. However, that poses a problem when information about the user has changed (i.e. they are added or removed from a role).
Obviously I can roll my own Authorize
attribute as I've always done before. If I do this I would just skip the claims all together and simply check the roles in the database per request.
Is there any way to use claims in ASP.NET Identity and know when they are no longer valid? Does the framework provide any options to solve this?
You probably want to take a look at this question/answer for how this can be taken care of automatically:
What is the SecurityStamp used for?
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With