This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(22.400000000000002, 40%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAJ%3C/text%3E%3C/svg%3E)
Hi Team,
I have a scenario where in asp.net MVC application the session Key (GUID every time user logs in) is stored to a SQL database Table.
The below methods are used.
I need suggestions for two things
1.The underlying database Can have any number of fields other than Key, Ticketstring ,TicketExpiry.
is it an issue if I add more fields? As the table is handled by asp.net framework?
2.As part of session killing from external application I need to send this key to an API, but I need this key to be fetched from other places where the API calls are happening .Please suggest an approach to do it, I tried to add this key to claims and to retrieve it but the key is missing in claims when I try to fetch it
public async Task<string> StoreAsync(AuthenticationTicket ticket)
{
string Key = Guid.NewGuid().ToString();
//inserting key,TicketString,TicketExpiry to database
return Task.FromResult(key);
}
public Task RenewAsync(string key, AuthenticationTicket ticket) {
//inserting key,TicketString,TicketExpiry to database
}
app.UseCookieAuthentication(new CookieAuthenticationOptions()
{
/*
OtherProperties
*/
SessionStore = new SqlAuthenticationSessionStore(ticketFormat,db_connectionString)
}
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(121.6, 59%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
A token is a string issued from a trusted source (authentication) that identifies a client. This allows the client to access secured resources (authorization) across disconnected systems that trust the token source.
Cookies and Session (which is also cookie based) are browser state management containers and having little to do with managing a token's lifetime across disconnected systems. Typically a token is invalidated by the token source. The disconnected machines check with the token server to verify the token is still valid.
Your tag is ASP.NET API. You mentioned "a scenario where in asp.net MVC application." Which is your app, MVC or Web API?
hi ,SurferOnWww
its an MVC app , MVC option was not available
I recommend that you use the ASP.NET Identity.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(211.20000000000002, 61%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBS%3C/text%3E%3C/svg%3E)
Storing the key as a claim is the correct approach. There should be no issue with adding custom claims with cookie authentication.