服务器端声称使用Owin身份验证进行缓存

Question

我有一个过去常用的应用程序,FormsAuthentication不久之前我将其切换为使用IdentityModelfrom,WindowsIdentityFramework以便我可以从基于声明的身份验证中受益,但使用和实现它相当难看.所以现在我在看OwinAuthentication.

我在看OwinAuthentication和Asp.Net Identity框架.但是Asp.Net Identity框架目前唯一的实现是使用EntityModel和我正在使用nHibernate.所以现在我想尝试绕过Asp.Net Identity并直接使用Owin Authentication.我终于能够使用" 我如何忽略身份框架魔法并使用OWIN auth中间件来获取我所寻求的声明？ "中的提示进行工作登录,但现在我持有声明的cookie相当大.当我使用时,IdentityModel我能够使用服务器端缓存机制来缓存服务器上的声明,而cookie只是为缓存的信息保存了一个简单的令牌.是否有相似的功能OwinAuthentication,或者我必须自己实现它？

我希望我会参加其中一艘船......

2. cookie保持3KB,哦,它有点大.
3. 启用类似于IdentityModelSessionCaching的功能Owin,我不知道.
4. 编写我自己的实现来缓存导致cookie膨胀的信息,看看我是否可以Owin在应用程序启动时配置它.

5. 我这样做是错的,有一种我没有想过的方法,或者我在滥用某些东西Owin.

   public class OwinConfiguration
   {
       public void Configuration(IAppBuilder app)
       {
           app.UseCookieAuthentication(new CookieAuthenticationOptions
           {
               AuthenticationType = "Application",
               AuthenticationMode = AuthenticationMode.Active,
               CookieHttpOnly = true,
               CookieName = "Application",
               ExpireTimeSpan = TimeSpan.FromMinutes(30),
               LoginPath = "/Login",
               LogoutPath = "/Logout",
               ReturnUrlParameter="ReturnUrl",
               SlidingExpiration = true,
               Provider = new CookieAuthenticationProvider()
               {
                   OnValidateIdentity = async context =>
                   {
                       //handle custom caching here??
                   }
               }
               //CookieName = CookieAuthenticationDefaults.CookiePrefix + ExternalAuthentication.ExternalCookieName,
               //ExpireTimeSpan = TimeSpan.FromMinutes(5),
           });
       }
   }
   

更新 我使用红叶提供的信息得到了预期的效果,我提出了以下逻辑......

Provider = new CookieAuthenticationProvider()
{
    OnValidateIdentity = async context =>
    {
        var userId = context.Identity.GetUserId(); //Just a simple extension method to get the ID using identity.FindFirst(x => x.Type == ClaimTypes.NameIdentifier) and account for possible NULLs
        if (userId == null) return;
        var cacheKey = "MyApplication_Claim_Roles_" + userId.ToString();
        var cachedClaims = System.Web.HttpContext.Current.Cache[cacheKey] as IEnumerable<Claim>;
        if (cachedClaims == null)
        {
            var securityService = DependencyResolver.Current.GetService<ISecurityService>(); //My own service to get the user's roles from the database
            cachedClaims = securityService.GetRoles(context.Identity.Name).Select(role => new Claim(ClaimTypes.Role, role.RoleName));
            System.Web.HttpContext.Current.Cache[cacheKey] = cachedClaims;
        }
        context.Identity.AddClaims(cachedClaims);
    }
}

Answer 1

OWIN cookie身份验证中间件不支持类似功能的会话缓存.#2不是一个选项.

#3是正确的方法.正如Prabu建议的那样,您应该在代码中执行以下操作:

OnResponseSignIn:

• 使用唯一键(GUID)保存缓存中的context.Identity
• 创建一个嵌入了唯一键的新ClaimsIdentity
• 将context.Identity替换为新标识

OnValidateIdentity:

• 从context.Identity获取唯一的密钥声明
• 通过唯一键获取缓存的标识
• 使用缓存的标识调用context.ReplaceIdentity

我打算建议你gzip cookie,但我发现OWIN已经在它的TicketSerializer中做到了.不适合你.

Answer 2

Provider = new CookieAuthenticationProvider()
{
    OnResponseSignIn = async context =>
    {
        // This is the last chance before the ClaimsIdentity get serialized into a cookie. 
        // You can modify the ClaimsIdentity here and create the mapping here. 
        // This event is invoked one time on sign in. 
    }, 
    OnValidateIdentity = async context => 
    {
        // This method gets invoked for every request after the cookie is converted 
        // into a ClaimsIdentity. Here you can look up your claims from the mapping table. 
    }
}