Configure Caching with the Auth0 ASP.NET Core Authentication SDK

Knowledge Articles
,
1

Last Updated: Dec 3, 2024

Overview

This article details how to configure Angular SPA with an ASPNetCore API backend to use shared storage (redis cache) for the user principal, etc., in the new SDK.

Applies To

  • Auth0 ASP.NET Core Authentication SDK
  • Angular SPA
  • ASPNetCore API

Solution

In the SDK, we register the cookie middleware and use the default config, but it is still possible to configure the cookie middleware. To configure the Microsoft.AspNetCore.Authentication.Cookie middleware to use a session:

public void ConfigureServices(IServiceCollection services)
{
     services
               .AddAuth0WebAppAuthentication(PlaygroundConstants.AuthenticationScheme, options =>
               {
                   options.Domain = Configuration["Auth0:Domain"];
                   options.ClientId = Configuration["Auth0:ClientId"];
                   options.ClientSecret = Configuration["Auth0:ClientSecret"];
               });
     // Configure a custom ITicketStore to store the Identity Information on the server
     services.AddTransient<ITicketStore, CustomInMemoryTicketStore>();
     // Configure the Cookie Middleware to use the CustomInMemoryTicketStore
     services.AddSingleton<IPostConfigureOptions<CookieAuthenticationOptions>, ConfigureCookieAuthenticationOptions>();
}

and

public class ConfigureCookieAuthenticationOptions
  : IPostConfigureOptions<CookieAuthenticationOptions>
    {
        private readonly ITicketStore _ticketStore;

        public ConfigureCookieAuthenticationOptions(ITicketStore ticketStore)
        {
            _ticketStore = ticketStore;
        }

        public void PostConfigure(string name,
                 CookieAuthenticationOptions options)
        {
            options.SessionStore = _ticketStore;
        }
    }

Every request will then call the below TicketStore’s “RetrieveAsync” method:

public class CustomInMemoryTicketStore : ITicketStore
    {
        private readonly IMemoryCache _cache;

        public CustomInMemoryTicketStore(IMemoryCache cache)
        {
            _cache = cache;
        }

        public Task RemoveAsync(string key)
        {
            _cache.Remove(key);

            return Task.CompletedTask;
        }

        public Task<AuthenticationTicket> RetrieveAsync(string key)
        {
            var ticket = _cache.Get<AuthenticationTicket>(key);

            return Task.FromResult(ticket);
        }

        public Task RenewAsync(string key, AuthenticationTicket ticket)
        {
            _cache.Set(key, ticket);

            return Task.CompletedTask;
        }

        public Task<string> StoreAsync(AuthenticationTicket ticket)
        {
            var key = ticket.Principal.Claims
              .First(c => c.Type == "sid").Value;

            _cache.Set(key, ticket);

            return Task.FromResult(key);
        }
    }

NOTE: The above TicketStore simply stores in memory, but shows how to add in a session layer by configuring the Microsoft.AspNetCore.Aurthentication.Cookies middleware.