Azure Active Directory TokenCache based on Entity Framework DB (issue in MS code)

Posted 30 June 2017 12:00 AM by Luis Máñez, SharePoint and Cloud Solution Architect @ ClearPeople

If you’re working with secure web applications on Azure Active Directory, you’re probably working with ADAL. ADAL has its own Token Cache (wonderfully explained in this post from the father of ADAL, Vittorio Bertocci). The Token Cache included in ADAL is only suitable for native applications because it works “in memory”, so sooner or later this becomes a problem for web applications. Fortunately, with ADAL v2 we can implement our own token cache simply by inheriting from the TokenCache class. In fact, there are a couple of examples in that same post by Vittorio, and one of them is based on SQL Server with Entity Framework, so it can be used perfectly well for web applications.

This same DB-based TokenCache code appears in several examples in the Azure AD GitHub, like this one, as well as in a bunch of articles around the web.

Well, I’m far from being an expert on Entity Framework, but given the tests I have made with my limited knowledge of EF, that code has an issue that can cause problems in some scenarios. The problem is in the following fragment of the “AfterAccessNotification” method:

[Code screenshot: the AfterAccessNotification method fragment]

As you can see, a new “PerWebUserCache” object is created every time, so a new row is always added to the table and the existing one is never updated. This can cause issues later, when the cache is checked and a token is returned for the user, because it can return a token that has already expired.

I’m not the first to detect this issue, since there is already an existing issue on GitHub, but MS hasn’t fixed it yet.

I have created a Pull Request to fix the issue, and it is waiting for approval. For now, I leave you the complete class code here.

As you can see, the fix consists of checking whether we already have the DB record loaded: if so, we update the serialized token and the last write date; if not, we create a new record.
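To make the bug described above and its fix concrete, here is an added illustration (my own reconstruction, not the Azure AD sample's or the author's code) of an EF-backed TokenCache with the defective AfterAccessNotification next to the corrected one. The entity and property names (PerWebUserCache, EntryId, webUserUniqueId, cacheBits, LastWrite), the DbContext and the method names are assumptions.

```csharp
// Added illustration, not the sample's or the author's code; entity and property
// names (PerWebUserCache, EntryId, webUserUniqueId, cacheBits, LastWrite) are assumed.
using System;
using System.Data.Entity;
using System.Linq;
using Microsoft.IdentityModel.Clients.ActiveDirectory;
public class PerWebUserCache
{
    public int EntryId { get; set; }            // identity key: stays 0 until the row is inserted
    public string webUserUniqueId { get; set; } // signed-in user's id
    public byte[] cacheBits { get; set; }       // serialized ADAL token cache
    public DateTime LastWrite { get; set; }
}
public class TokenCacheDb : DbContext { public DbSet<PerWebUserCache> PerUserCacheList { get; set; } }
public class DbTokenCache : TokenCache
{
    private readonly TokenCacheDb db = new TokenCacheDb();
    private readonly string user;
    private PerWebUserCache cache;
    public DbTokenCache(string signedInUserId)
    {
        user = signedInUserId;
        AfterAccess = AfterAccessNotification;
        // Load the user's row (if any) and hydrate the in-memory cache from it.
        cache = db.PerUserCacheList.FirstOrDefault(c => c.webUserUniqueId == user);
        Deserialize(cache == null ? null : cache.cacheBits);
    }

    // Defective pattern: a fresh entity on every write, so EntryId is always 0,
    // EF always INSERTs, and a stale (possibly expired) row can be read back later.
    void AfterAccessNotificationBuggy(TokenCacheNotificationArgs args)
    {
        if (!HasStateChanged) return;
        cache = new PerWebUserCache { webUserUniqueId = user, cacheBits = Serialize(), LastWrite = DateTime.UtcNow };
        db.Entry(cache).State = cache.EntryId == 0 ? EntityState.Added : EntityState.Modified;
        db.SaveChanges();
        HasStateChanged = false;
    }

    // Fix: update the row loaded in the constructor; insert only on the first write.
    void AfterAccessNotification(TokenCacheNotificationArgs args)
    {
        if (!HasStateChanged) return;
        if (cache == null) cache = new PerWebUserCache { webUserUniqueId = user };
        cache.cacheBits = Serialize();
        cache.LastWrite = DateTime.UtcNow;
        db.Entry(cache).State = cache.EntryId == 0 ? EntityState.Added : EntityState.Modified;
        db.SaveChanges();
        HasStateChanged = false;
    }
}
```

With the fix, the table holds one row per user whose LastWrite reflects the most recent token refresh, which is also a simple thing to check in the DB when diagnosing unexpected expired tokens.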

I hope this helps, and if you are an EF expert and have a better way of fixing it, please leave a comment!
