How to store user data on the server instead of cookies using Windows Identity Foundation

764 views Asked by At

I'm working on an MVC application using WIF.

I'm trying to store some session variables in a ClaimsIdentity using something like:

ClaimsIdentity identity = HttpContext.User.Identity as ClaimsIdentity;
identity.AddClaim(new Claim("foo", "bar"));

This seems to store everything in a cookie.

I'm trying to figure out how I could store this data on the server. I looked around, but didn't manage to find anything really useful (I'm a total newbie when it comes to WIF).

Is there an easy way to do that ?

1

There are 1 answers

0
Ben Griffiths On

You can set the authentication module to reference mode in order to have it store the claims in the session on the server - this way, the cookie simply contains an identifier mapping back to the claim.

The easiest way to do this is by handling the SessionSecurityTokenCreated event and setting a property on the token at the point that it is created, which can be done by implementing the following method within your global.asax:

void WSFederationAuthenticationModule_SessionSecurityTokenCreated(object sender, SessionSecurityTokenCreatedEventArgs e) {
    e.SessionToken.IsReferenceMode = true;
}

For reference, see the WIF Session Management overview on msdn