Does ASP.NET Core Identity uses Sessions for authentication?
Question
Does ASP.NET Core 3.1/5 Identity uses Sessions for authentication? I know it uses cookie to store user information on the client machine for next requests, but thing which i don't understand is that, is only cookie enough or does it also created any session for this authentication cookie on the server?
2 answers
solution1
2 ACCPTED 2020-12-21 09:25:02
By default, Asp.net core Identity is cookie based, the user's identity stored in a cookie. You could check the following links to configure ASP.NET Core Identity.
Configure ASP.NET Core Identity
Generally, using cookie is enough, after the browser session closed (close the browser), it will clear the cookie, and if reopen the website, we have to login again.
If you want to use session to store the user identity, you could set the CookieAuthenticationOptions.SessionStore property to configure the authentication provider options.
The SessionStore property is an optional container in which to store the identity across requests. When used, only a session identifier is sent to the client. This can be used to mitigate potential problems with very large identities.
More detail information about using SessionStore, you can refer the following articles:
solution2
0 2020-12-18 09:37:11
In the Identity framework you have got an extra table named dbo.AspNetUserTokens where the user Tokens are stored.
With that it is possible to verify the token that the browser sent during the request.
There is also a method by which you don't actually need a token on the server. For that have a look at: https://jwt.io/
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.