
I created a class using IUserClaimStore to set the claims after login:

 public class TheUserStore : IUserStore<User>, IUserRoleStore<User>, IUserPasswordStore<User>, IUserClaimStore<User>

The problem is, when I have a user with multiple roles and permissions, storing my claims no longer works and there are cookies stored that produce a "request too long" error. They look like this:

-

Is there a way to tell C# not to store that information in cookies, or any other way to prevent this problem?

I haven't been working with C# for a long time, so I'm at a loss here.

Thanks!

Chi

1 Answer


OK, not sure if this is the correct answer, but I found a way to stop .NET Core from storing all that information in cookies. In Startup.cs I add the following line:

services.AddScoped<IUserClaimsPrincipalFactory<User>, AppClaimsPrincipalFactory>();

And then I created AppClaimsPrincipalFactory.cs, which contains the following:

using System;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.Options;

public class AppClaimsPrincipalFactory : UserClaimsPrincipalFactory<User, Role> {
    public AppClaimsPrincipalFactory(UserManager<User> userManager, RoleManager<Role> roleManager, IOptions<IdentityOptions> optionsAccessor)
           : base(userManager, roleManager, optionsAccessor) {
    }

    // Builds the principal that the application cookie is created from at sign-in.
    public override async Task<ClaimsPrincipal> CreateAsync(User user) {
        if (user == null) {
            throw new ArgumentNullException(nameof(user));
        }
        var userId = await UserManager.GetUserIdAsync(user);
        var userName = await UserManager.GetUserNameAsync(user);
        var id = new ClaimsIdentity("Identity.Application",
            Options.ClaimsIdentity.UserNameClaimType,
            Options.ClaimsIdentity.RoleClaimType);
        // Always include the user id and user name.
        id.AddClaim(new Claim(Options.ClaimsIdentity.UserIdClaimType, userId));
        id.AddClaim(new Claim(Options.ClaimsIdentity.UserNameClaimType, userName));
        // The security stamp is included when the store supports it.
        if (UserManager.SupportsUserSecurityStamp) {
            id.AddClaim(new Claim(Options.ClaimsIdentity.SecurityStampClaimType,
                await UserManager.GetSecurityStampAsync(user)));
        }

        // code removed that adds the role claims
        // Claims stored directly on the user are still added.
        if (UserManager.SupportsUserClaim) {
            var claims = await UserManager.GetClaimsAsync(user);
            id.AddClaims(claims);
        }

        return new ClaimsPrincipal(id);
    }
}

Not sure what exactly happens here but it works. Found this answer here: Recommended best practice for role claims as permissions

Chi
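
The question asks whether the claims can be kept out of the cookie altogether. One way to do that, as an added example that is not part of the original posts, is a server-side ticket store: ASP.NET Core's cookie handler accepts an `ITicketStore` through `CookieAuthenticationOptions.SessionStore`, keeps the whole ticket (role claims included) on the server, and writes only a lookup key to the cookie. The names `MemoryCacheTicketStore`, `TicketStoreSetup` and `AddServerSideTickets` and the one-hour fallback lifetime are assumptions made for this sketch.

```csharp
using System;
using System.Security.Cryptography;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.Caching.Memory;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical class: holds each AuthenticationTicket in IMemoryCache instead of the cookie.
public class MemoryCacheTicketStore : ITicketStore {
    private readonly IMemoryCache _cache;
    public MemoryCacheTicketStore(IMemoryCache cache) { _cache = cache; }

    // Called at sign-in. The returned key is the only ticket data placed in the cookie.
    public async Task<string> StoreAsync(AuthenticationTicket ticket) {
        var bytes = new byte[32];
        RandomNumberGenerator.Fill(bytes); // unguessable session key
        var key = "AuthTicket-" + Convert.ToBase64String(bytes);
        await RenewAsync(key, ticket);
        return key;
    }
    // Called on sliding renewal: keep the cache lifetime in step with the ticket's expiry.
    public Task RenewAsync(string key, AuthenticationTicket ticket) {
        var entry = new MemoryCacheEntryOptions();
        var expires = ticket.Properties.ExpiresUtc;
        if (expires.HasValue) entry.SetAbsoluteExpiration(expires.Value);
        else entry.SetSlidingExpiration(TimeSpan.FromHours(1)); // assumed fallback lifetime
        _cache.Set(key, ticket, entry);
        return Task.CompletedTask;
    }
    // A missing or expired key yields null, which the handler treats as "not signed in".
    public Task<AuthenticationTicket> RetrieveAsync(string key) {
        _cache.TryGetValue(key, out AuthenticationTicket ticket);
        return Task.FromResult(ticket);
    }
    // Called at sign-out: deleting the entry invalidates the session on the server.
    public Task RemoveAsync(string key) {
        _cache.Remove(key);
        return Task.CompletedTask;
    }
}

public static class TicketStoreSetup {
    // Call from ConfigureServices after AddIdentity; binds the store to the Identity cookie.
    public static void AddServerSideTickets(this IServiceCollection services) {
        services.AddMemoryCache();
        services.AddSingleton<ITicketStore, MemoryCacheTicketStore>();
        services.AddOptions<CookieAuthenticationOptions>(IdentityConstants.ApplicationScheme)
            .Configure<ITicketStore>((o, store) => o.SessionStore = store);
    }
}
```

An in-memory store loses every session on restart and is not shared between instances, so a multi-server deployment needs a distributed backing store behind the same interface.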