I am wondering if there is a best practice or a standard way of managing my user data with claims data.
Scenario: A user logs in using a 3rd party and is redirected back to my application. All I have at this point is an ID that maps to a user profile in our database. An Angular application will be making requests to the back end API.
So I'm wondering where to put the (let's say) roles and flags the user has in our database for restricting route access and other things.
I guess I could fetch it every request but I can see it adding some overhead.
So I figure I have a few options: add my data to a Session, add my data to the current user (ClaimsPrincipal) or use Caching. These all have trade-offs. Session locks, caching also has sync issues, fetching every request has latency, ClaimsPrincipal stuff seems unruly?
I'm using .NET Framework 4.7
Link to the code https://github.com/ricardosaracino/SamlNet
using System;
using System.Net.Http;
using System.Security.Claims;
using System.Threading;
using System.Threading.Tasks;
using System.Web;

// Minimal per-request user object carried in request.Properties
public class CurrentUser
{
    public Guid Id { get; set; }
}

public class UserHandler : DelegatingHandler
{
    protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage request,
        CancellationToken cancellationToken)
    {
        // Principal established by the SAML sign-in before Web API runs
        var currentUser = HttpContext.Current.User as ClaimsPrincipal;
        var nameId = currentUser?.FindFirst(ClaimTypes.NameIdentifier)?.Value;

        // if NOT cached or expired: read from database, set user in cache with nameId,
        // then set request.Properties from cache
        request.Properties["currentUser"] = new CurrentUser
        {
            Id = Guid.NewGuid() // placeholder until the database lookup is wired in
        };

        var response = await base.SendAsync(request, cancellationToken);

        var user = (CurrentUser)request.Properties["currentUser"];
        // if modified, add back to cache
        return response;
    }
}
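One way to take the ClaimsPrincipal option with a cache in front of the database, as an added example that is not part of the original question or the linked SamlNet repository: a Web API DelegatingHandler looks up the signed-in user by the IdP's NameID claim, caches the profile in System.Runtime.Caching.MemoryCache with an absolute expiry, and replaces the request principal with a new ClaimsIdentity that carries the IdP claims plus our own role and user-id claims, so [Authorize(Roles = "...")] and User.IsInRole work without touching the database on every request. It assumes the principal is already set by the ASP.NET pipeline when the handler runs (as the question's code does), and the IUserProfileRepository interface, the UserProfile type, the five-minute TTL and the "urn:myapp:userid" claim type are all assumptions for the example.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Net.Http;
using System.Runtime.Caching;   // reference System.Runtime.Caching.dll
using System.Security.Claims;
using System.Threading;
using System.Threading.Tasks;
using System.Web;
using System.Web.Http;

// Assumed projection of the user record kept in our own database.
public sealed class UserProfile
{
    public Guid Id { get; set; }
    public IReadOnlyCollection<string> Roles { get; set; }
    public bool IsLocked { get; set; }
}

// Assumed repository abstraction; the real data access is not shown.
public interface IUserProfileRepository
{
    Task<UserProfile> FindByExternalIdAsync(string nameId, CancellationToken ct);
}

public sealed class RoleClaimsHandler : DelegatingHandler
{
    private const string CacheKeyPrefix = "profile:";
    private static readonly MemoryCache Cache = MemoryCache.Default;
    private static readonly TimeSpan CacheTtl = TimeSpan.FromMinutes(5); // assumption
    private readonly Func<IUserProfileRepository> _repositoryFactory;

    public RoleClaimsHandler(Func<IUserProfileRepository> repositoryFactory)
    {
        _repositoryFactory = repositoryFactory;
    }

    protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage request,
        CancellationToken cancellationToken)
    {
        var principal = request.GetRequestContext().Principal as ClaimsPrincipal;
        var nameId = principal?.FindFirst(ClaimTypes.NameIdentifier)?.Value;

        // Anonymous requests pass through untouched; [Authorize] rejects them later.
        if (principal == null || string.IsNullOrEmpty(nameId))
            return await base.SendAsync(request, cancellationToken);

        var profile = await GetProfileAsync(nameId, cancellationToken);

        // A valid IdP session for a user we do not know, or a locked user, is not enough.
        if (profile == null || profile.IsLocked)
            return request.CreateResponse(HttpStatusCode.Forbidden);

        // Copy the IdP identity (name, auth type, claims) and add our own claims.
        // The default role claim type is ClaimTypes.Role, so IsInRole picks these up.
        var identity = new ClaimsIdentity(principal.Identity);
        identity.AddClaim(new Claim("urn:myapp:userid", profile.Id.ToString()));
        foreach (var role in profile.Roles)
            identity.AddClaim(new Claim(ClaimTypes.Role, role));

        var enriched = new ClaimsPrincipal(identity);
        request.GetRequestContext().Principal = enriched;
        Thread.CurrentPrincipal = enriched;
        if (HttpContext.Current != null)
            HttpContext.Current.User = enriched;

        return await base.SendAsync(request, cancellationToken);
    }

    private async Task<UserProfile> GetProfileAsync(string nameId, CancellationToken ct)
    {
        var key = CacheKeyPrefix + nameId;
        if (Cache.Get(key) is UserProfile cached)
            return cached;

        var profile = await _repositoryFactory().FindByExternalIdAsync(nameId, ct);
        if (profile != null)
        {
            Cache.Set(key, profile, new CacheItemPolicy
            {
                AbsoluteExpiration = DateTimeOffset.UtcNow.Add(CacheTtl)
            });
        }
        return profile;
    }

    // Call this wherever roles or the lock flag change, so the next request
    // re-reads the database instead of serving stale authorization data.
    public static void Invalidate(string nameId) => Cache.Remove(CacheKeyPrefix + nameId);
}
```

Register it once in WebApiConfig with config.MessageHandlers.Add(new RoleClaimsHandler(() => new YourRepository())). Two caveats worth keeping in mind with any cached authorization data: a role removal or account lock takes effect only after the TTL unless Invalidate is called on the same node, and MemoryCache is per process, so on a web farm either call Invalidate through a shared channel or keep the TTL short. Roles are deliberately taken from our database rather than from any role claims the IdP sends, since the IdP is only trusted to assert who the user is.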