Share via

app.UseCookieAuthentication - SessionStore

amal James 0 Reputation points
Feb 21, 2025, 4:16 PM

Hi Team,

I have a scenario where in asp.net MVC application the session Key (GUID every time user logs in) is stored to a SQL database Table.

The below methods are used.
I need suggestions for two things

1.The underlying database Can have any number of fields other than Key, Ticketstring ,TicketExpiry.

is it an issue if I add more fields? As the table is handled by asp.net framework?

2.As part of session killing from external application I need to send this key to an API, but I need this key to be fetched from other places where the API calls are happening .Please suggest an approach to do it, I tried to add this key to claims and to retrieve it but the key is missing in claims when I try to fetch it

ASP.NET (C#)
public async Task<string> StoreAsync(AuthenticationTicket ticket)
{
   string Key = Guid.NewGuid().ToString();

//inserting key,TicketString,TicketExpiry to database

   return Task.FromResult(key);

}
public Task RenewAsync(string key, AuthenticationTicket ticket) {

//inserting key,TicketString,TicketExpiry to database
}
C#
 app.UseCookieAuthentication(new CookieAuthenticationOptions()
{
/*
 OtherProperties
*/
  SessionStore = new SqlAuthenticationSessionStore(ticketFormat,db_connectionString)
}
ASP.NET API
ASP.NET API
ASP.NET: A set of technologies in the .NET Framework for building web applications and XML web services.API: A software intermediary that allows two applications to interact with each other.
382 questions
{count} votes

2 answers

Sort by: Most helpful
  1. Bruce (SqlWork.com) 71,696 Reputation points
    Feb 22, 2025, 4:41 PM

    Storing the key as a claim is the correct approach. There should be no issue with adding custom claims with cookie authentication.

    0 comments No comments

  2. SurferOnWww 3,801 Reputation points
    Feb 23, 2025, 12:53 AM

    its an MVC app

    I recommend that you use the ASP.NET Identity. The following articles will be helpful to add the key as a claim to the ClamsIdentity:

    If you enable the Role in the ASP.NET Identity, please use the UserClaimsPrincipalFactory<TUser,TRole> instead of UserClaimsPrincipalFactory<TUser>.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.