I have an ASPNET CORE 2.0 website that is published to a web server farm. I am using Identity Role/User claims for authorization. I have a large number of claims associated with the logged in user, which is bloating the size of the application cookie. I see a few techniques for dealing with this situation, but am unsure what path to take.
ClaimsTransformer: create a custom DB store outside of the Identity Role/User claims tables and load the claims on TransformAsync. I'm not sure if there is a better solution that doesn't involve a DB call every round trip to the server.ApplicationCookie. I'm not sure if this will resolve the bloated cookie issue.[Authorize])How do I use Claims Based Identity across multiple web servers when the user has a large number of claims?
答案 0 :(得分:2)
Cookie大小基本上是反对“一切作为主张”的最强烈论据,而且很不幸,因为该模型效果很好,否则(我一直在你的位置)。正如您所怀疑的那样,最好的方法是将您的声明限制在最低限度,并使用标识(主题ID)根据需要从数据库中检索更详细的特定于应用程序的信息。
如果担心数据库响应时间,则基本上回到有状态会话数据。微软可能会指导您进行Redis内存缓存。不确定这是否是亚马逊的一个选项,我使用Azure。
我尝试了ClaimsTransformer例行程序,但它变成了一个更大的麻烦,不断解决“这个真的一个声明还是我们正在视为一个主张?”而不仅仅是将实际IDP索赔的持久性/检索与内部应用程序级用户数据分开。