Home ASP.NET Identity and validation of a custom claim
Reply: 0

ASP.NET Identity and validation of a custom claim

user963
1#
user963 Published in May 21, 2018, 11:18 am

I am using ASP.NET Identity with MVC, and I set a sessionId (GuId string) on each logged in user for each one of his devices. The idea is that a user can remove device sessions, and then that device will not be logged in anymore (as it is done in dropbox, and google).

Currently, I set this sessionId as a claim in ASP.NET Identity, so it is passed in the authentication cookie.

For Authenrication I use ASP.NET Identity as the samples: app.UseCookieAuthentication(new CookieAuthenticationOptions{....

My questions:

  1. Is setting my sessionId to the claims the right approach here?

  2. Also, where in the whole authentication process can I validate the claim of that sessionId?

  3. My current idea is to validate this sessionId against a database table for each request. Should I use Request.Sessions to store the sessionId instead, or any other idea here?

Thanks,

You need to login account before you can post.

About| Privacy statement| Terms of Service| Advertising| Contact us| Help| Sitemap|
Processed in 0.338981 second(s) , Gzip On .

© 2016 Powered by mzan.com design MATCHINFO