I've been looking at examples and documentation for using token/claims-based authentication in .NET applications using WIF or Thinktecture IdentityModel.
One example was: Token based authentication
But I can't seem to find information regarding how tokens 'should' be used.
Given the .NET console app scenario:
- How are tokens persisted, or how do you persist them?
- Where should they be stored?
- Should they be stored?
- Or are you supposed to request a new token every time the user loads the console app?
Naively, I assumed the user would load the app, request a token, the STS would issue the token (if their username maps against a username in the provider, etc.), the token would be sent to the user, and the app would deserialize the token, extract the claims and use the claims accordingly.
I'd like to understand how tokens should be persisted; I then assumed you should check for a token upon app loading, check if the token hasn't expired, etc.
Views from anyone with token/claims-based authentication in .NET/Windows apps (WinForms, console) would be great to hear.