diff --git a/source/Core/Configuration/AppBuilderExtensions/ConfigureCookieAuthenticationExtension.cs b/source/Core/Configuration/AppBuilderExtensions/ConfigureCookieAuthenticationExtension.cs
index a0f23866b..96fcdd15d 100644
--- a/source/Core/Configuration/AppBuilderExtensions/ConfigureCookieAuthenticationExtension.cs
+++ b/source/Core/Configuration/AppBuilderExtensions/ConfigureCookieAuthenticationExtension.cs
@@ -44,7 +44,8 @@ public static IAppBuilder ConfigureCookieAuthentication(this IAppBuilder app, Co ExpireTimeSpan = options.ExpireTimeSpan, SlidingExpiration = options.SlidingExpiration, CookieSecure = GetCookieSecure(options.SecureMode), - TicketDataFormat = new TicketDataFormat(new DataProtectorAdapter(dataProtector, options.Prefix + Constants.PrimaryAuthenticationType)) + TicketDataFormat = new TicketDataFormat(new DataProtectorAdapter(dataProtector, options.Prefix + Constants.PrimaryAuthenticationType)), + SessionStore = GetSessionStore(options.SessionStoreProvider) }; app.UseCookieAuthentication(primary);
@@ -116,5 +117,10 @@ private static CookieSecureOption GetCookieSecure(CookieSecureMode cookieSecureM throw new InvalidOperationException("Invalid CookieSecureMode"); } } + + private static IAuthenticationSessionStore GetSessionStore(IAuthenticationSessionStoreProvider provider) + { + return provider != null ? new AuthenticationSessionStoreWrapper(provider) : null; + } } } \ No newline at end of file
diff --git a/source/Core/Configuration/AuthenticationSessionStoreWrapper.cs b/source/Core/Configuration/AuthenticationSessionStoreWrapper.cs
new file mode 100644
index 000000000..d89823b1a
--- /dev/null
+++ b/source/Core/Configuration/AuthenticationSessionStoreWrapper.cs
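Review bot: The new `SessionStore = GetSessionStore(options.SessionStoreProvider)` initializer is applied to the `primary` cookie options only, and nothing in the hunk says whether that is deliberate. Once a provider is configured the cookie carries only a session key and the full ticket lives server-side, so a reader auditing session handling needs to know which cookies are covered; a comment such as `// Server-side ticket storage is wired for the primary authentication cookie only; any other cookie registered here still carries its full ticket.` would settle it, if that is indeed the intent. The rest of ConfigureCookieAuthentication lies outside the hunk, so other cookie registrations could not be checked. The `GetSessionStore` helper added in the second hunk of this file would also read better with a one-line summary stating that a null provider leaves `SessionStore` null.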
@@ -0,0 +1,38 @@
+namespace IdentityServer3.Core.Configuration
+{
+ using System.Threading.Tasks;
+
+ using Microsoft.Owin.Security;
+ using Microsoft.Owin.Security.Cookies;
+
+ internal class AuthenticationSessionStoreWrapper : IAuthenticationSessionStore
+ {
+ private readonly IAuthenticationSessionStoreProvider provider;
+
+ public AuthenticationSessionStoreWrapper(IAuthenticationSessionStoreProvider provider)
+ {
+ this.provider = provider;
+ }
+
+ public Task StoreAsync(AuthenticationTicket ticket)
+ {
+ return this.provider.StoreAsync(new AuthenticationTicketModel(ticket));
+ }
+
+ public Task RenewAsync(string key, AuthenticationTicket ticket)
+ {
+ return this.provider.RenewAsync(key, new AuthenticationTicketModel(ticket));
+ }
+
+ public async Task RetrieveAsync(string key)
+ {
+ var ticket = await this.provider.RetrieveAsync(key);
+ return ticket == null ? null : ticket.ToAuthenticationTicket();
+ }
+
+ public Task RemoveAsync(string key)
+ {
+ return this.provider.RemoveAsync(key);
+ }
+ }
+}
\ No newline at end of file
diff --git a/source/Core/Configuration/AuthenticationTicketModel.cs b/source/Core/Configuration/AuthenticationTicketModel.cs
new file mode 100644
index 000000000..92aa5d485
--- /dev/null
+++ b/source/Core/Configuration/AuthenticationTicketModel.cs
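Review bot: `RetrieveAsync` turns a null model from the provider into a null ticket, but the meaning of that null is not written down anywhere in this class. A comment such as `// null = key unknown or evicted by the store; the caller then sees no ticket for this cookie` above the ternary would make the failure path explicit for anyone implementing or auditing a store. The constructor also stores `provider` without a check; `GetSessionStore` guards the only visible call site, but `if (provider == null) throw new System.ArgumentNullException("provider");` would fail at configuration time rather than on the first authenticated request. The internal class itself has no summary describing it as the adapter between the OWIN `IAuthenticationSessionStore` and the public provider interface.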
@@ -0,0 +1,42 @@
+namespace IdentityServer3.Core.Configuration
+{
+ using System.Collections.Generic;
+ using System.Security.Claims;
+
+ using Microsoft.Owin.Security;
+
+ ///
+ /// A model class represending an authentication ticket
+ ///
+ public class AuthenticationTicketModel
+ {
+ ///
+ /// Instantiates an instance of authentication ticket
+ ///
+ public AuthenticationTicketModel(ClaimsIdentity identity, IDictionary properties)
+ {
+ this.Identity = identity;
+ this.Properties = properties;
+ }
+
+ internal AuthenticationTicketModel(AuthenticationTicket ticket)
+ : this(ticket.Identity, ticket.Properties.Dictionary)
+ {
+ }
+
+ ///
+ /// The claims identity of the authentication ticket
+ ///
+ public ClaimsIdentity Identity { get; private set; }
+
+ ///
+ /// Authentication ticket properties
+ ///
+ public IDictionary Properties { get; private set; }
+
+ internal AuthenticationTicket ToAuthenticationTicket()
+ {
+ return new AuthenticationTicket(this.Identity, new AuthenticationProperties(this.Properties));
+ }
+ }
+}
\ No newline at end of file
diff --git a/source/Core/Configuration/CookieOptions.cs b/source/Core/Configuration/CookieOptions.cs
index ca88625e6..21c1a327e 100644
--- a/source/Core/Configuration/CookieOptions.cs
+++ b/source/Core/Configuration/CookieOptions.cs
@@ -100,5 +100,11 @@ public CookieOptions() /// The secure. /// public CookieSecureMode SecureMode { get; set; } + + /// + /// An optional container in which to store the identity across requests. When used, only a session identifier is sent + /// to the client. This can be used to mitigate potential problems with very large identities. + /// + public IAuthenticationSessionStoreProvider SessionStoreProvider { get; set; } } }
diff --git a/source/Core/Configuration/IAuthenticationSessionStoreProvider.cs b/source/Core/Configuration/IAuthenticationSessionStoreProvider.cs
new file mode 100644
index 000000000..be1397cbc
--- /dev/null
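Review bot: The public constructor of `AuthenticationTicketModel` accepts a null `identity` or `properties`, so a custom store that rebuilds a model from a damaged record can return an object that only fails later, in `ToAuthenticationTicket` or further down the cookie pipeline. Guarding the constructor, e.g. `if (identity == null) throw new System.ArgumentNullException("identity");` and the same for `properties`, keeps the failure at the store boundary. The internal constructor also passes `ticket.Properties.Dictionary` through by reference, so a provider that edits `Properties` is editing the live ticket; either copy the dictionary there or state the sharing in the `Properties` summary. The class summary has a typo, `represending`.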
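Review bot: The summary on `SessionStoreProvider` describes only the cookie-size benefit and leaves out what the option changes for operators: the complete claims identity and ticket properties are then held by the provider instead of inside the protected cookie. I would extend the doc comment with something like `/// The provider then holds every signed-in user's identity and ticket properties; it must be protected like any credential store, shared by all nodes behind a load balancer, and purge expired entries.` The hunk starts inside the `CookieOptions` class, whose remaining members are outside the view.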
+++ b/source/Core/Configuration/IAuthenticationSessionStoreProvider.cs
@@ -0,0 +1,39 @@
+namespace IdentityServer3.Core.Configuration
+{
+ using System.Threading.Tasks;
+
+ ///
+ /// Providers the authentication session stores functions
+ ///
+ public interface IAuthenticationSessionStoreProvider
+ {
+ ///
+ /// Provides the remove functionality of session store
+ ///
+ /// Session key
+ /// Async task
+ Task RemoveAsync(string key);
+
+ ///
+ /// Provides the renew functionality of session store
+ ///
+ /// Session key
+ /// Authentication ticket
+ /// Async task
+ Task RenewAsync(string key, AuthenticationTicketModel identity);
+
+ ///
+ /// Provides the retrieve functionality of session store
+ ///
+ /// Session key
+ /// Async task with authentication ticket result
+ Task RetrieveAsync(string key);
+
+ ///
+ /// Provides the store functionality of session store
+ ///
+ /// Authentication ticket
+ /// Async task with session key
+ Task StoreAsync(AuthenticationTicketModel ticket);
+ }
+}
\ No newline at end of file
diff --git a/source/Core/Core.csproj b/source/Core/Core.csproj
index 7b68a9f9e..06f5656a4 100644
--- a/source/Core/Core.csproj
+++ b/source/Core/Core.csproj
@@ -130,9 +130,12 @@ + + +
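Review bot: `StoreAsync` is documented only as returning the session key, with no requirement on how implementers produce it. Since `RetrieveAsync` returns whatever ticket is filed under a key, a key that repeats or is reused hands one user's identity to another session; the doc should require a fresh value per call, for example `/// The returned key must be unique per stored ticket and generated from a cryptographic random source.` `RetrieveAsync` should likewise state that an unknown key yields null, which is what the wrapper in AuthenticationSessionStoreWrapper.cs checks for. `RenewAsync` names its ticket parameter `identity` while `StoreAsync` uses `ticket`; one name for both would match the parameter documentation. The interface summary reads `Providers the authentication session stores functions`, which looks like a typo for `Provides the authentication session store functions`.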