stackoom
  简体   繁体   中英

Adding Application Specific claim after Web API Authentication (Identity Server)

 原文  2017-06-19 18:20:08       identityserver3/ identityserver4/ thinktecture-ident-server/ thinktecture

Question

I am adding application specific claims in my Web Application OnValidateIdentity to Identity Sever's access token claims. I am grabbing the application specific claims for the logged in user querying the Database for every API call. Should I make the application specific claims to be injected in the token in Identity Server (to reduce the DB calls)?

1 answers

solution1
 1  2017-06-20 03:50:22

Identity Server Token should only contain claims about the user. It should be ok to query the application specific claims when the token received. You can introduce a caching layer to reduce DB calls if that is a concern.

But if you have really valid reason these rules can be broken and add application-specific claims at identity server. (eg: settings shared by multiple apps).

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Identity Server3 Authentication for both Mobile and Web Application Implementing identity server behind web api owin authentication How to secure web api with Identity Server 3 Identity Server Partial Login and get the Email Claim Identity Server and web api for user management Identity Server 3 Authentication/Authorization protect asp.net web api 2 project with identity server 4 Problem on CORS configuration with Web Api 2, OWIN and Identity Server .net 4.6 web api2 401 Unauthorized with identity server 4 SSO with application specific claim roles and authorization
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM