Server side claims caching with Owin Authentication
The OWIN cookie authentication middleware doesn't support a session-caching-like feature yet. #2 is not an option.
#3 is the right way to go. As Prabu suggested, you should do the following in your code:
OnResponseSignIn:
- Save context.Identity in cache with a unique key (GUID)
- Create a new ClaimsIdentity embedded with the unique key
- Replace context.Identity with the new identity
OnValidateIdentity:
- Get the unique key claim from context.Identity
- Get the cached identity by the unique key
- Call context.ReplaceIdentity with the cached identity
I was going to suggest that you gzip the cookie, but I found that OWIN already does that in its TicketSerializer. Not an option for you.
    Provider = new CookieAuthenticationProvider()
    {
        OnResponseSignIn = async context =>
        {
            // This is the last chance before the ClaimsIdentity gets serialized into a cookie.
            // You can modify the ClaimsIdentity here and create the mapping here.
            // This event is invoked one time on sign in.
        },
        OnValidateIdentity = async context =>
        {
            // This method gets invoked for every request after the cookie is converted
            // into a ClaimsIdentity. Here you can look up your claims from the mapping table.
        }
    }
You can implement IAuthenticationSessionStore to store cookies in a database.
Here's an example of storing the cookie in Redis.
    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = CookieAuthenticationDefaults.AuthenticationType,
        SessionStore = new RedisSessionStore(new TicketDataFormat(dataProtector)),
        LoginPath = new PathString("/Auth/LogOn"),
        LogoutPath = new PathString("/Auth/LogOut"),
    });
Check out the full example here.
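An in-memory counterpart to the Redis store above, as an added example that is not part of the original answer or the linked sample. The class name `MemoryCacheSessionStore`, the cache name and the one-hour fallback lifetime are assumptions, and it only suits a single server process because the cache is not shared.

```csharp
using System;
using System.Runtime.Caching;
using System.Security.Cryptography;
using System.Threading.Tasks;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;

// Hypothetical store: keeps the full ticket (identity and all claims) server-side,
// so the cookie only carries the session key.
public sealed class MemoryCacheSessionStore : IAuthenticationSessionStore
{
    // Assumed fallback, used only when the ticket carries no expiry of its own.
    private static readonly TimeSpan FallbackLifetime = TimeSpan.FromHours(1);
    private readonly MemoryCache _cache = new MemoryCache("auth-sessions");

    public Task<string> StoreAsync(AuthenticationTicket ticket)
    {
        // The key is the only handle on the session: take 256 bits from the CSPRNG.
        var bytes = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) { rng.GetBytes(bytes); }
        string key = Convert.ToBase64String(bytes);
        Set(key, ticket);
        return Task.FromResult(key);
    }

    public Task RenewAsync(string key, AuthenticationTicket ticket)
    {
        Set(key, ticket); // sliding expiration: overwrite with the new expiry
        return Task.FromResult(0);
    }

    public Task<AuthenticationTicket> RetrieveAsync(string key)
    {
        // A miss (expired, evicted, process restart) returns null, which leaves
        // the request unauthenticated instead of trusting the cookie alone.
        return Task.FromResult(_cache.Get(key) as AuthenticationTicket);
    }

    public Task RemoveAsync(string key)
    {
        _cache.Remove(key); // sign-out: the key in an old cookie now resolves to nothing
        return Task.FromResult(0);
    }

    private void Set(string key, AuthenticationTicket ticket)
    {
        // Never keep the server-side entry alive longer than the ticket itself.
        DateTimeOffset expires = ticket.Properties.ExpiresUtc
            ?? DateTimeOffset.UtcNow.Add(FallbackLifetime);
        _cache.Set(key, ticket, expires);
    }
}
```

To use it, set `SessionStore = new MemoryCacheSessionStore()` in the `CookieAuthenticationOptions` shown above.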