IdentityServer / IdentityServer2

[deprecated] Thinktecture IdentityServer is a light-weight security token service built with .NET 4.5, MVC 4, Web API and WCF.

MVC forms authentication question #838

Closed cotepatrice closed 9 years ago

cotepatrice commented 9 years ago

Hi !

We use the excellent Thinktecture IdentityServer v2 to manage our authentication. I'd like to manage an ASP.NET MVC4 web application connection with the information (claims) returned in the token by IdentityServer. For now, I just set the authorization cookie with the username when OAuth2Client.RequestResourceOwnerPasswordAsync() returns an AccessToken. I don't even validate it (which would set ClaimsPrincipal.Current) because its purpose is to be used on another Web API I call later, so it's validated in this Web API.

If I validate the token and set ClaimsPrincipal.Current.Identity to the one I get, what is the mechanism to retrieve it on every call? Do I have to cache the token and validate it again on every request to get it?

The purpose of all this would be to get my claims on the web app side so I could apply authorization filters based on them.

Thanks !

brockallen commented 9 years ago

You want to track the user in your web application? Issue a cookie -- ASP.NET has lots of support for that.

cotepatrice commented 9 years ago

What should I put in that cookie? For now I use FormsAuthentication.SetAuthCookie(userName, false) but I don't even know what it actually keeps in it. MSDN documentation is quite thin on the subject...

brockallen commented 9 years ago

Maybe use something more modern:

http://brockallen.com/2013/01/26/replacing-forms-authentication-with-wifs-session-authentication-module-sam-to-enable-claims-aware-identity/

or

http://brockallen.com/2013/10/24/a-primer-on-owin-cookie-authentication-middleware-for-the-asp-net-developer/
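Added example (not code from the thread, from Brock, or from IdentityServer v2) of the OWIN cookie middleware approach the second link describes: validate the access token once at login, copy its claims into a ClaimsIdentity, and let the cookie middleware carry that identity on every later request so `[Authorize]` filters work without re-validating the token. It assumes the STS is IdentityServer v2 issuing JWTs signed with its signing certificate, Thinktecture.IdentityModel.Client for the token request, System.IdentityModel.Tokens.Jwt 4.x for validation and Microsoft.Owin.Security.Cookies for the cookie; the issuer, realm, client id, secret, URLs and thumbprint below are placeholders.

```csharp
// Added example, not from the thread or the IdentityServer v2 code base.
// Assumes: IdentityServer v2 issues JWTs for the relying party "urn:webapp" signed with its
// signing certificate; packages Thinktecture.IdentityModel.Client, System.IdentityModel.Tokens.Jwt 4.x,
// Microsoft.Owin.Security.Cookies and Microsoft.Owin.Host.SystemWeb. All URLs/ids are placeholders.
using System;
using System.IdentityModel.Tokens;
using System.Security.Claims;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;
using System.Web;
using System.Web.Mvc;
using Microsoft.Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Owin;
using Thinktecture.IdentityModel.Client;

public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        // The cookie, not the access token, identifies the user on later requests. The OWIN
        // data protection provider (machine key under IIS) signs and encrypts it, so the
        // claims inside cannot be altered by the browser.
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = "Cookies",
            LoginPath = new PathString("/Account/Login"),
            ExpireTimeSpan = TimeSpan.FromMinutes(30),
            SlidingExpiration = true
        });
    }
}

public static class TokenValidation
{
    // Placeholder values: use the real STS issuer name, realm and signing-cert thumbprint.
    const string Issuer = "http://identityserver.example/trust";
    const string Audience = "urn:webapp";
    const string SigningCertThumbprint = "0000000000000000000000000000000000000000";

    public static ClaimsPrincipal Validate(string jwt)
    {
        var parameters = new TokenValidationParameters
        {
            ValidIssuer = Issuer,
            ValidAudience = Audience,
            IssuerSigningToken = new X509SecurityToken(FindCert(SigningCertThumbprint))
        };
        SecurityToken validated;
        // Throws SecurityTokenValidationException on a bad signature, issuer, audience or lifetime.
        return new JwtSecurityTokenHandler().ValidateToken(jwt, parameters, out validated);
    }

    static X509Certificate2 FindCert(string thumbprint)
    {
        var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            var found = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
            if (found.Count == 0) throw new InvalidOperationException("STS signing certificate not installed");
            return found[0];
        }
        finally { store.Close(); }
    }
}

public class AccountController : Controller
{
    [HttpPost, ValidateAntiForgeryToken]
    public async Task<ActionResult> Login(string userName, string password)
    {
        var client = new OAuth2Client(new Uri("https://identityserver.example/issue/oauth2/token"),
                                      "webapp", "client-secret");
        var response = await client.RequestResourceOwnerPasswordAsync(userName, password, "urn:webapp");
        if (response.IsError) return View("Login");

        // Validate once at login, then carry the claims in the cookie for the rest of the session.
        var principal = TokenValidation.Validate(response.AccessToken);
        var identity = new ClaimsIdentity(principal.Claims, "Cookies");   // must match AuthenticationType
        // Keep the token for later Web API calls; it travels inside the protected cookie.
        identity.AddClaim(new Claim("access_token", response.AccessToken));

        Request.GetOwinContext().Authentication.SignIn(
            new AuthenticationProperties { IsPersistent = false }, identity);
        return RedirectToAction("Index", "Home");
    }

    public ActionResult Logout()
    {
        Request.GetOwinContext().Authentication.SignOut("Cookies");
        return RedirectToAction("Index", "Home");
    }
}

// Authorization filters now run against the cookie's claims (role claims assumed to use
// ClaimTypes.Role, the ClaimsIdentity default); no per-request token validation needed.
[Authorize(Roles = "Admin")]
public class AdminController : Controller
{
    public ActionResult Index()
    {
        var tokenClaim = ClaimsPrincipal.Current.FindFirst("access_token");
        var bearer = tokenClaim == null ? null : tokenClaim.Value;   // send as Authorization: Bearer to the Web API
        return View();
    }
}
```

Two caveats a practitioner would want: the cookie's lifetime is independent of the token's, so set ExpireTimeSpan no longer than the token lifetime (or check the token's expiry before calling the Web API), and stashing the access token in the cookie grows it by the token's size, which matters when the cookie approaches the 4 KB browser limit.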

cotepatrice commented 9 years ago

Ah! Thanks Brock! That was exactly the kind of thing I was looking for to get me started. I'll give it a try and close the thread if I don't need anything else.