1

I'm about to make a decision on whether to use claims or session for some items that would require frequent access in my application but I am concerned about performance.

That is why I want to find out whether the application will always query the database to get the claims of a given role or logged in user anytime such is required in the application or is there a way the ASP.NET-Core application stores claims in a way that it does not require to always query the database to retrieve claims for a currently logged in role or user.

I'm in a dilema to rather store the items in session for the sake of performance. If that is the case, is there a downside to using session instead of claims to store items that would be needed as long as the user is logged in to the application?

Guidance please

Josh
  • 1,660
  • 5
  • 33
  • 55

1 Answers1

0

"Claims are the user data and they are issued by a trusted source. If we are working with token-based authentication, a claim may be added within a token by the server that generates the token. A claim can have any kind of data such as "DateOfJoining", "DateOfBirth", "email", etc. Based on a claim that a user has, a system provides the access to the page, which is called Claim based authorization". So using claims does not represent any additional effort in accessing the database.

Pedro Brito
  • 263
  • 1
  • 9
  • So, if I have other properties I fetched from a database such as surname, gender, etc. and add them to the user claims on a successful user login. From what you're saying, when I need to access those properties later in the application, the application doesn't hit the database again to get the values of those properties since they're already stored in the claims token. Is that right? – Josh Sep 02 '19 at 17:07
  • Yeah! That is correct! To help you with your doubts, take a look at this links.https://dev.to/rickab10/authenticate-authorization-and-claim-all-you-need-to-know-in-aspnet-core-ahn and https://www.c-sharpcorner.com/article/claim-based-and-policy-based-authorization-with-asp-net-core-2-1/ – Pedro Brito Sep 02 '19 at 18:58