Do you use ASP.NET Core Identity or roll your own auth? The thing that bugged me about ASP.NET Core Identity when I looked in late 2020 was that it stores too much info in the cookie itself. So if a user logs in, and then their authorization details change, the cookie could become stale. I've come around to the conclusion that the cookie should just be an opaque identifier pointing to a database record on the server. Most of us aren't trying to optimize authorization for Google (or Microsoft) scale.
Every client gets cookies with 256 bits of entropy, which uniquely identify their “device”. The server will then deal with this as required to guide auth flows.
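The opaque-cookie design described in the comments above, as an added sketch that is not part of the original thread and is not ASP.NET Core Identity code: the cookie carries only a 256-bit random token, and roles are looked up server-side on every request, so a role change or revocation takes effect immediately. All type and method names are hypothetical, the in-memory dictionaries stand in for database tables, and .NET 6 or later is assumed.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;
using System.Text;
// Hypothetical names throughout; the dictionaries stand in for database tables.
public sealed class OpaqueSessionStore
{
    private sealed record Session(string UserId, DateTimeOffset ExpiresAt);
    // Keyed by SHA-256 of the token, so a leaked table does not yield usable cookies.
    private readonly ConcurrentDictionary<string, Session> _sessions = new();
    // Current roles per user; read on every request, never copied into the cookie.
    private readonly ConcurrentDictionary<string, string[]> _roles = new();
    private static string Hash(string token) => Convert.ToHexString(SHA256.HashData(Encoding.ASCII.GetBytes(token)));
    public void SetRoles(string userId, params string[] roles) => _roles[userId] = roles;

    // Returns the cookie value: 32 random bytes (256 bits) from the OS CSPRNG, hex-encoded.
    public string Create(string userId, TimeSpan lifetime)
    {
        string token = Convert.ToHexString(RandomNumberGenerator.GetBytes(32));
        _sessions[Hash(token)] = new Session(userId, DateTimeOffset.UtcNow + lifetime);
        return token;
    }

    // Resolves a cookie to the user's roles as they are now; null if unknown, expired or revoked.
    public string[]? Resolve(string? token)
    {
        if (string.IsNullOrEmpty(token)) return null;
        string key = Hash(token);
        if (!_sessions.TryGetValue(key, out var s)) return null;
        if (s.ExpiresAt <= DateTimeOffset.UtcNow) { _sessions.TryRemove(key, out _); return null; }
        return _roles.TryGetValue(s.UserId, out var r) ? r : Array.Empty<string>();
    }

    public void Revoke(string token) => _sessions.TryRemove(Hash(token), out _);
}

public static class Demo
{
    public static void Main()
    {
        var store = new OpaqueSessionStore();
        store.SetRoles("alice", "admin");                        // constructed sample user
        string cookie = store.Create("alice", TimeSpan.FromHours(8));
        Console.WriteLine(string.Join(",", store.Resolve(cookie)!));
        store.SetRoles("alice", "reader");                       // role changed server-side
        Console.WriteLine(string.Join(",", store.Resolve(cookie)!));
        store.Revoke(cookie);                                    // same cookie no longer resolves
        Console.WriteLine(store.Resolve(cookie) is null);
    }
}
```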