How to separate large cookies in Asp.Net Identity into smaller ones to allow MANY claims?

Question

I'm working on a prototype of a claims-based authorisation for our MVC application. We use Asp.Net Identity for authentication.

We would like to have a claim for every controller action and then give/take away users' claims so we have a very fine control over who can go where.

Our application already has 800+ actions and keeps growing. I have made a little test app to see how this number of claims can be handled. And ran into a problem: cookies are limited to 4092 bytes.

And having a large number of claims increases Identity Authentication cookie. About 600 claims with short names/values (5 chars each) give me cookie sized over 4K and user with this number of claims just can't login - cookie can't be set in a browser.

And 600 claims is not a limit for our app. We'll probably need more than that.

Is there a way to split the auth cookie into a few smaller cookies?

p.s. If you are curious, here is my code for claims "profiler" (https://github.com/trailmax/ClaimsAuthorisation/blob/master/ClaimsAuth/Controllers/ProfilerController.cs) along with the rest of the project.

p.p.s. I know about performance implications of large cookies. Not to worry about it just now.

Update: Currently there is no out of the box solution to my answer. But it looks like I'm not the only one with this problem. Microsoft.Owin is handling the auth-cookie. And current source code for Owin.Cookies has ChunkingCookieManager (https://katanaproject.codeplex.com/SourceControl/latest#src/Microsoft.Owin/Infrastructure/ChunkingCookieManager.cs) which is assigned by default in CookieAuthenticationMiddleware (https://katanaproject.codeplex.com/SourceControl/latest#src/Microsoft.Owin.Security.Cookies/CookieAuthenticationMiddleware.cs).

Bad news that this code is very fresh (was checked in on 10th of July 2014, only 20 days old). It is available through pre-release of nuget Microsoft.Owin.Security.Cookies. Not sure I'd want to use RC2 in production site.

Any other way?

Recommended answer

I have not solved the direct question. Cookie is too large and it will remain large with large number of claims. Owin v3.0 (Currently in RC2, not production-ready) has a way to chunk the cookies into smaller ones. But large cookies are just bad. So I'm keeping claims only server-side.

I had a discussion on Identity forum and found this question which addresses my questions completely. Based on the question, I've done my own solution and prototyped a little MVC app: https://github.com/trailmax/ClaimsAuthorisation.

The core of the solution is in the Startup routine (https://github.com/trailmax/ClaimsAuthorisation/blob/master/ClaimsAuth/App_Start/Startup.Auth.cs#L38-L55) and there is an MVC filter (https://github.com/trailmax/ClaimsAuthorisation/blob/master/ClaimsAuth/Infrastructure/Identity/ClaimsAuthorisationFilter.cs) that checks if the required claims are available for the user.
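
A sketch of the server-side approach described in the answer, added here as an illustration and not taken from the linked repository: the auth cookie carries only the user's identity, and an MVC 5 authorization filter looks up the per-action claim on the server for each request. `IServerSideClaimStore`, `InMemoryClaimStore`, `ActionClaimFilter` and the `Controller.Action` claim naming are assumptions made for this example.

```csharp
using System.Collections.Generic;
using System.Net;
using System.Web.Mvc;
using Microsoft.AspNet.Identity; // GetUserId() extension on IIdentity

// Hypothetical abstraction: claims live on the server, keyed by user id.
public interface IServerSideClaimStore { bool HasClaim(string userId, string claim); }

// Constructed in-memory store for the sketch; a real one would query the Identity tables.
public class InMemoryClaimStore : IServerSideClaimStore
{
    private readonly Dictionary<string, HashSet<string>> claims;
    public InMemoryClaimStore(Dictionary<string, HashSet<string>> claims) { this.claims = claims; }

    // Unknown user or missing claim both deny (fail closed).
    public bool HasClaim(string userId, string claim)
    {
        HashSet<string> set;
        return userId != null && claims.TryGetValue(userId, out set) && set.Contains(claim);
    }
}

public class ActionClaimFilter : IAuthorizationFilter
{
    private readonly IServerSideClaimStore store;
    public ActionClaimFilter(IServerSideClaimStore store) { this.store = store; }

    public void OnAuthorization(AuthorizationContext ctx)
    {
        var action = ctx.ActionDescriptor;
        // Actions or controllers marked [AllowAnonymous] (e.g. login) skip the check.
        if (action.IsDefined(typeof(AllowAnonymousAttribute), true) ||
            action.ControllerDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true))
            return;

        var identity = ctx.HttpContext.User == null ? null : ctx.HttpContext.User.Identity;
        if (identity == null || !identity.IsAuthenticated)
        {
            ctx.Result = new HttpUnauthorizedResult(); // 401: not signed in
            return;
        }
        // One claim per action, named "Controller.Action" (naming is an assumption).
        var required = action.ControllerDescriptor.ControllerName + "." + action.ActionName;
        if (!store.HasClaim(identity.GetUserId(), required))
            ctx.Result = new HttpStatusCodeResult(HttpStatusCode.Forbidden); // 403: signed in, no claim
    }
}
```

Register it once with `GlobalFilters.Filters.Add(new ActionClaimFilter(store))`; because the lookup happens on every request, removing a claim on the server takes effect immediately instead of waiting for the cookie to expire.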
