1

I'm working on an MVC application using WIF.

I'm trying to store some session variables in a ClaimsIdentity using something like:

ClaimsIdentity identity = HttpContext.User.Identity as ClaimsIdentity;
identity.AddClaim(new Claim("foo", "bar"));

This seems to store everything in a cookie.

I'm trying to figure out how I could store this data on the server. I looked around, but didn't manage to find anything really useful (I'm a total newbie when it comes to WIF).

Is there an easy way to do that ?

xlecoustillier
  • 16,183
  • 14
  • 60
  • 85
  • 1
    is this similar to what you are wanting to do?? take a look at this previous SO posting http://stackoverflow.com/questions/21404935/mvc-5-access-claims-identity-user-data – MethodMan Nov 13 '14 at 16:53
  • @DJKRAZE I don't think so, unless I missed something, this doesn't address the storage medium (cookie vs server). – xlecoustillier Nov 13 '14 at 17:13
  • I think that you could implement something similar and store it on the Client side from what it looked liked the code in the link was doing.. can you not just store it in a Session Object..? – MethodMan Nov 13 '14 at 17:17

1 Answers1

2

You can set the authentication module to reference mode in order to have it store the claims in the session on the server - this way, the cookie simply contains an identifier mapping back to the claim.

The easiest way to do this is by handling the SessionSecurityTokenCreated event and setting a property on the token at the point that it is created, which can be done by implementing the following method within your global.asax:

void WSFederationAuthenticationModule_SessionSecurityTokenCreated(object sender, SessionSecurityTokenCreatedEventArgs e) {
    e.SessionToken.IsReferenceMode = true;
}

For reference, see the WIF Session Management overview on msdn

Ben Griffiths
  • 1,676
  • 15
  • 13