Is there a solution available to use HttpSessionState to store the Token?

I know we can enable session mode to make the authentication cookie smaller:

FederatedAuthentication.SessionAuthenticationModule.IsSessionMode = true;

From what I understood, with the default implementation, the token is stored in memory. http://www.cloudidentity.com/blog/2010/05/26/YOUR-FEDAUTH-COOKIES-ON-A-DIET-ISSESSIONMODE-TRUE/

The HttpSession is not used even if a custom provider is set.

Thinktecture IdentityModel allows us to use a custom token repository by implementing ITokenCacheRepository, but it requires external storage; using the session might be bad (expiration, scope...).

Why does the default TokenCache use an in-memory solution instead of the host's session provider? Is there an easy and safe way to use the host's session state?

Guillaume

1 Answer

While I didn't try to store the Token in Session, I implemented ITokenCacheRepository from Thinktecture.IdentityModel using a Redis cache.

The code is available here: https://github.com/guillaume-fr/RedisTokenCache

That may help anybody looking for a way to store Tokens on the server side in a Cloud / WebFarm environment. I won't accept my answer as it doesn't say how we could use Session or why we couldn't.

Guillaume
  • Looking to implement an ITokenCacheRepository based on httpSession, I found this post. Any insight into what is wrong with this approach? – Eduard Jun 24 '18 at 21:57
  • I don't really remember, but here is what comes to mind: check where your httpSession is stored (if in memory, it will fail in cloud/web farm); it must be secure and work across instances; ensure that httpSession is already available at the time you need the token in the pipeline. – Guillaume Jun 25 '18 at 12:46
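
The checks listed in the last comment, written out as a session-backed repository that fails closed. This is an added example, not code from the posts above or from RedisTokenCache: the `TokenCacheItem` and `ITokenCacheRepository` declarations are stand-ins whose shape is assumed, and `SessionTokenCacheRepository` and the `wif-token:` prefix are hypothetical names.

```csharp
using System;
using System.Linq;
using System.Web;
using System.Web.SessionState;

// Stand-ins for the Thinktecture.IdentityModel types (assumed shape; verify against your version).
public class TokenCacheItem { public string Key; public DateTime Expires; public byte[] Token; }
public interface ITokenCacheRepository
{
    void AddOrUpdate(TokenCacheItem item);
    TokenCacheItem Get(string key);
    void Remove(string key);
    void RemoveAllBefore(DateTime date);
}

public sealed class SessionTokenCacheRepository : ITokenCacheRepository
{
    private const string Prefix = "wif-token:"; // hypothetical key prefix
    // Fail closed when session state cannot safely back the cache.
    private static HttpSessionState RequireSession()
    {
        var session = HttpContext.Current == null ? null : HttpContext.Current.Session;
        if (session == null)
            throw new InvalidOperationException("Session state is not available at this point in the pipeline.");
        if (session.Mode == SessionStateMode.Off || session.Mode == SessionStateMode.InProc)
            throw new InvalidOperationException("Session mode " + session.Mode + " is not shared across instances.");
        return session;
    }
    // Tuple<DateTime, byte[]> is serializable, which out-of-process session stores require.
    public void AddOrUpdate(TokenCacheItem item) { RequireSession()[Prefix + item.Key] = Tuple.Create(item.Expires, item.Token); }
    public TokenCacheItem Get(string key)
    {
        var session = RequireSession();
        var entry = session[Prefix + key] as Tuple<DateTime, byte[]>;
        if (entry == null) return null;
        if (entry.Item1 <= DateTime.UtcNow) { session.Remove(Prefix + key); return null; } // assumes UTC expiry
        return new TokenCacheItem { Key = key, Expires = entry.Item1, Token = entry.Item2 };
    }
    public void Remove(string key) { RequireSession().Remove(Prefix + key); }
    // Session state is scoped to the current user, so only that user's entries can be swept.
    public void RemoveAllBefore(DateTime date)
    {
        var session = RequireSession();
        var stale = session.Keys.Cast<string>().Where(k => k.StartsWith(Prefix, StringComparison.Ordinal)
            && ((Tuple<DateTime, byte[]>)session[k]).Item1 < date).ToList();
        stale.ForEach(session.Remove);
    }
}
```

If `RequireSession` throws on the first authenticated request, that is the pipeline-ordering problem the comment warns about, and an external store such as the Redis repository in the answer is the fallback.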