Storing the key as a claim is the correct approach. There should be no issue with adding custom claims with cookie authentication.
app.UseCookieAuthentication - SessionStore
Hi Team,
I have a scenario where in asp.net MVC application the session Key (GUID every time user logs in) is stored to a SQL database Table.
The below methods are used.
I need suggestions for two things
1.The underlying database Can have any number of fields other than Key, Ticketstring ,TicketExpiry.
is it an issue if I add more fields? As the table is handled by asp.net framework?
2.As part of session killing from external application I need to send this key to an API, but I need this key to be fetched from other places where the API calls are happening .Please suggest an approach to do it, I tried to add this key to claims and to retrieve it but the key is missing in claims when I try to fetch it
public async Task<string> StoreAsync(AuthenticationTicket ticket)
{
string Key = Guid.NewGuid().ToString();
//inserting key,TicketString,TicketExpiry to database
return Task.FromResult(key);
}
public Task RenewAsync(string key, AuthenticationTicket ticket) {
//inserting key,TicketString,TicketExpiry to database
}
app.UseCookieAuthentication(new CookieAuthenticationOptions()
{
/*
OtherProperties
*/
SessionStore = new SqlAuthenticationSessionStore(ticketFormat,db_connectionString)
}
2 answers
Sort by: Most helpful
-
-
SurferOnWww 3,801 Reputation points
Feb 23, 2025, 12:53 AM its an MVC app
I recommend that you use the ASP.NET Identity. The following articles will be helpful to add the key as a claim to the ClamsIdentity:
- Adding custom claim not working in asp.net core identity
- Adding extra claims in ASP.NET Core web applications
If you enable the Role in the ASP.NET Identity, please use the
UserClaimsPrincipalFactory<TUser,TRole>
instead ofUserClaimsPrincipalFactory<TUser>
.