I'm working on an MVC application using WIF.
I'm trying to store some session variables in a ClaimsIdentity
using something like:
ClaimsIdentity identity = HttpContext.User.Identity as ClaimsIdentity;
identity.AddClaim(new Claim("foo", "bar"));
This seems to store everything in a cookie.
I'm trying to figure out how I could store this data on the server. I looked around, but didn't manage to find anything really useful (I'm a total newbie when it comes to WIF).
Is there an easy way to do that ?
You can set the authentication module to reference mode in order to have it store the claims in the session on the server - this way, the cookie simply contains an identifier mapping back to the claim.
The easiest way to do this is by handling the
SessionSecurityTokenCreated
event and setting a property on the token at the point that it is created, which can be done by implementing the following method within yourglobal.asax
:For reference, see the WIF Session Management overview on msdn