我可以在ITicketStore中使用MemoryCache来存储AuthenticationTicket吗?
背景:我的web应用程序正在使用Cookie认证:
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AutomaticAuthenticate = true,
AutomaticChallenge = true,
LoginPath = new PathString("/Authentication/SignIn"),
LogoutPath = new PathString("/Authentication/SignOut"),
ReturnUrlParameter = "/Authentication/SignIn"
});
我的web api使用访问令牌(OAuth2)处理授权过程。
有时(在某些浏览器上)会抛出以下异常:
发生未处理的异常:分块cookie不完整。只找到了预期的2个块中的1个,总共4021个字符。可能已超过客户端大小限制。
饼干显然太大了。这很奇怪,因为我没有使用很多声明。它们都是默认声明(nameidentifier, nonce, exp等)。我现在正试图在CookieAuthenticationOptions上实现我自己的ITicketStore作为SessionStore。AuthenticationTicket将存储在MemoryCache中(如本示例中)。我对整个主题非常陌生,不确定,如果这是一个好方法,如果MemoryCache是一个有效的解决方案。
可以在
ITicketStore中使用MemoryCache来存储AuthenticationTicket吗?
当然,这是我使用了将近一年的实现。
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationScheme = "App.Cookie",
AutomaticAuthenticate = true,
AutomaticChallenge = true,
LoginPath = new PathString("/Authentication/SignIn"),
LogoutPath = new PathString("/Authentication/SignOut"),
ReturnUrlParameter = "/Authentication/SignIn",
SessionStore = new MemoryCacheStore(cache)
});
MemoryCacheStore的实现看起来像这样,它遵循您分享的示例:
public class MemoryCacheStore : ITicketStore
{
private const string KeyPrefix = "AuthSessionStore-;
private readonly IMemoryCache _cache;
public MemoryCacheStore(IMemoryCache cache)
{
_cache = cache;
}
public async Task<string> StoreAsync(AuthenticationTicket ticket)
{
var key = KeyPrefix + Guid.NewGuid();
await RenewAsync(key, ticket);
return key;
}
public Task RenewAsync(string key, AuthenticationTicket ticket)
{
// https://github.com/aspnet/Caching/issues/221
// Set to "NeverRemove" to prevent undesired evictions from gen2 GC
var options = new MemoryCacheEntryOptions
{
Priority = CacheItemPriority.NeverRemove
};
var expiresUtc = ticket.Properties.ExpiresUtc;
if (expiresUtc.HasValue)
{
options.SetAbsoluteExpiration(expiresUtc.Value);
}
options.SetSlidingExpiration(TimeSpan.FromMinutes(60));
_cache.Set(key, ticket, options);
return Task.FromResult(0);
}
public Task<AuthenticationTicket> RetrieveAsync(string key)
{
AuthenticationTicket ticket;
_cache.TryGetValue(key, out ticket);
return Task.FromResult(ticket);
}
public Task RemoveAsync(string key)
{
_cache.Remove(key);
return Task.FromResult(0);
}
}