如何保持饼干MCV5 / OWIN更新索赔 [英] How to hold the cookies claims updated with MCV5/OWIN
问题描述
我们正在制作一个OWIN MVC5项目。我们使用自己的实现 IUserStore&LT的; T> 来整合用户管理这是我们的企业框架的一部分。到目前为止,这工作正常。
我们希望通过提供索赔角色成员等安全配置。我所看到的(和快速测试)一个实现的方法 IUserClaimStore< T> 或连接到的 ClaimsIdentityFactory 的UserManager。
We’re working on an OWIN MVC5 project. We use an own implementation of IUserStore<T> to integrate the user-management which is part of our companies framework. So far this works fine.
We want to provide role membership and other security configuration through claims. I have seen (and quickly tested) the ways of either implementing IUserClaimStore<T> or of attaching a ClaimsIdentityFactory to the UserManager.
在这两种情况下,我看到了索赔被保存在用户的cookie的问题,当一个角色或Web应用程序背后另有要求的变化(通过直接访问用户管理的存储其他应用程序),用户的cookie包含旧索赔,并且用户过多或过少的权限比她应该有。
In both scenarios, I see the issue that the claims are stored in the user’s cookie and when a role or another claim changes behind the web app (through another application which directly accesses the storage of the user management), the users cookie contains the old claims and the user has too much or too less permissions than she ought to have.
这是我脑子里浮现一种可能性是,以检查在每一个请求或在一定的时间间隔要求,如果用户要求的后端配置已经改变,如果是,刷新用户的cookie。
A possibility that came into my mind is, to check at every request or at requests in some time interval, if the backend-configuration of the users claims has been changed, and if yes, to refresh the users cookie.
这是正确的做法还是MVC5 / Owin腾出一个更优雅/有效的方式来满足这一要求。如果它是正确的也是唯一的办法,哪里会是最有效的地方,检查并刷新饼干信息?
Is this the right approach or does MVC5/Owin spare a more elegant/efficient way to comply with this requirement. If it is the right and only approach, where would be the most efficient place to check and refresh the cookies information?
推荐答案
我们添加了这个功能,2.0,这里是你将如何配置CookieMiddleware得到新鲜的索赔,每30分钟(regenerateIdentity应该打电话到code你用来为用户生成的ClaimsIdentity当他们登录,并validateInterval控制regenerateIdentity多久调用,但只有当旧Cookie仍然有效)
We added this feature to 2.0, here's how you would configure the CookieMiddleware to get fresh claims every 30 minutes (regenerateIdentity should call into the code that you use to generate the ClaimsIdentity for users when they sign in, and validateInterval controls how often regenerateIdentity is called, but only if the old cookie is still valid)
app.UseCookieAuthentication(new CookieAuthenticationOptions {
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
Provider = new CookieAuthenticationProvider {
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
validateInterval: TimeSpan.FromMinutes(30),
regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
}
});
这篇关于如何保持饼干MCV5 / OWIN更新索赔的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
