Cookie Authentication Asp.Net Core

Can I use MemoryCache in ITicketStore to store AuthenticationTicket?

Reference Information. My web application uses cookie authentication:

    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AutomaticAuthenticate = true,
        AutomaticChallenge = true,
        LoginPath = new PathString("/Authentication/SignIn"),
        LogoutPath = new PathString("/Authentication/SignOut"),
        ReturnUrlParameter = "/Authentication/SignIn"
    });

My web api handles the authorization process using access tokens (OAuth2).

Sometimes (in some browsers) the following exception is thrown:

An unhandled exception has occurred: The chunked cookie is incomplete. Only 1 of the expected 2 chunks were found, totaling 4021 characters. A client size limit may have been exceeded.

The cookie is obviously too large. This is strange because I do not use many claims. All of them are default claims (nameidentifier, nonce, exp, etc.). Now I'm trying to implement my own ITicketStore as a SessionStore in CookieAuthenticationOptions. The AuthenticationTicket will be stored in a MemoryCache (as in the sample). I am very new to this topic and not sure if this is a good approach and if MemoryCache is a valid solution.

+5
1 answer

Can I use MemoryCache in ITicketStore to store AuthenticationTicket?

Absolutely, here is an implementation that I have been using for almost a year.

    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationScheme = "App.Cookie",
        AutomaticAuthenticate = true,
        AutomaticChallenge = true,
        LoginPath = new PathString("/Authentication/SignIn"),
        LogoutPath = new PathString("/Authentication/SignOut"),
        ReturnUrlParameter = "/Authentication/SignIn",
        SessionStore = new MemoryCacheStore(cache)
    });

The implementation of MemoryCacheStore looks like this, following the example you shared:

    using System;
    using System.Threading.Tasks;
    using Microsoft.AspNetCore.Authentication;
    using Microsoft.AspNetCore.Authentication.Cookies;
    using Microsoft.Extensions.Caching.Memory;

    public class MemoryCacheStore : ITicketStore
    {
        private const string KeyPrefix = "AuthSessionStore-";
        private readonly IMemoryCache _cache;

        public MemoryCacheStore(IMemoryCache cache)
        {
            _cache = cache;
        }

        // Stores a new ticket and returns the key that the cookie will carry.
        public async Task<string> StoreAsync(AuthenticationTicket ticket)
        {
            var key = KeyPrefix + Guid.NewGuid();
            await RenewAsync(key, ticket);
            return key;
        }

        // Writes (or overwrites) the ticket under an existing key.
        public Task RenewAsync(string key, AuthenticationTicket ticket)
        {
            // https://github.com/aspnet/Caching/issues/221
            // Set to "NeverRemove" to prevent undesired evictions from gen2 GC
            var options = new MemoryCacheEntryOptions
            {
                Priority = CacheItemPriority.NeverRemove
            };

            var expiresUtc = ticket.Properties.ExpiresUtc;
            if (expiresUtc.HasValue)
            {
                options.SetAbsoluteExpiration(expiresUtc.Value);
            }

            options.SetSlidingExpiration(TimeSpan.FromMinutes(60));

            _cache.Set(key, ticket, options);
            return Task.FromResult(0);
        }

        // Returns null when the key is unknown or the entry has expired.
        public Task<AuthenticationTicket> RetrieveAsync(string key)
        {
            AuthenticationTicket ticket;
            _cache.TryGetValue(key, out ticket);
            return Task.FromResult(ticket);
        }

        public Task RemoveAsync(string key)
        {
            _cache.Remove(key);
            return Task.FromResult(0);
        }
    }
+6
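
An added example, not part of the original answer or of ASP.NET Core itself: the same ITicketStore contract backed by IDistributedCache, for deployments where an in-process MemoryCache would lose tickets on restart or would not be shared between instances. The class name DistributedCacheTicketStore is hypothetical, and the code assumes an IDistributedCache implementation is registered in the application; it generalizes the answer's store to an out-of-process cache.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.Extensions.Caching.Distributed;

// Hypothetical class: ITicketStore over IDistributedCache instead of IMemoryCache.
public class DistributedCacheTicketStore : ITicketStore
{
    private const string KeyPrefix = "AuthSessionStore-";
    private readonly IDistributedCache _cache;

    public DistributedCacheTicketStore(IDistributedCache cache)
    {
        _cache = cache;
    }

    // The returned key is the only session data placed in the cookie.
    public async Task<string> StoreAsync(AuthenticationTicket ticket)
    {
        var key = KeyPrefix + Guid.NewGuid();
        await RenewAsync(key, ticket);
        return key;
    }

    public Task RenewAsync(string key, AuthenticationTicket ticket)
    {
        var options = new DistributedCacheEntryOptions();
        var expiresUtc = ticket.Properties.ExpiresUtc;
        if (expiresUtc.HasValue)
        {
            // Never keep the entry longer than the ticket itself is valid.
            options.SetAbsoluteExpiration(expiresUtc.Value);
        }
        options.SetSlidingExpiration(TimeSpan.FromMinutes(60));

        // A distributed cache stores bytes, so the ticket must be serialized.
        byte[] payload = TicketSerializer.Default.Serialize(ticket);
        return _cache.SetAsync(key, payload, options);
    }

    // Returns null for an unknown, expired or removed key; the cookie
    // middleware then treats the request as unauthenticated.
    public async Task<AuthenticationTicket> RetrieveAsync(string key)
    {
        byte[] payload = await _cache.GetAsync(key);
        return payload == null ? null : TicketSerializer.Default.Deserialize(payload);
    }

    public Task RemoveAsync(string key) => _cache.RemoveAsync(key);
}
```

Because the ticket lives server-side in either store, calling RemoveAsync ends the session immediately, even if the browser still holds the cookie.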

Source: https://habr.com/ru/post/1259823/

