Thursday, July 17, 2014

I'm realizing now that something put into the cache in C# is globally accessible to every browser hitting the web application.

It's really the wrong place to keep user identity data. In an ASP.NET MVC Web API implementation, perhaps one could use Session in an MVC Controller to keep a key (in the shape of a GUID perhaps) for a user. This Session unique key could then be used to put stuff into the cache and fish it back out again. The Session unique key would have to be explicitly handed into an ApiController as a variable for there is no Session to be had there. Hmmm. How to share user identity between MVC Controllers and ApiControllers painlessly? Tricky challenge.

No comments:

Post a Comment