问题
Are there any major advantages of using OWIN cookie-based authentication over Forms Authentication cookie-based authentication for developing MVC web applications?
The reason I ask is that I would not be using any of the Entity Framework based hooks for OWIN authentication. I've built apps based on Forms Authentication for years and have been able to do things like create different authentication tokens for admins (faster timeouts), anonymous users, and registered users. Using the UserData portion of the ticket I was able to implement universal sign out, store custom properties, etc.
One of the advantages to OWIN might be testability, but I'm not sure. The ClaimsIdentity is kind of nice because I can easily store and access custom fields without having to serialize/deserialize the properties into UserData. Other things I should consider?
回答1:
Cookie authentication middleware can run in any OWIN host including IIS, whereas FormsAuthenticationModule can run only in IIS+ASP.NET. If you have a present or future need for hosting in different types of hosts, CAM is a better option. Another feature middleware has but not FAM is, the cookie chunking. If your user data is big enough for the cookie to be over the allowed size limit, browsers simply stop sending the authentication cookie whereas the middleware chunks big cookies into multiple small cookies and reassembles them on receipt.
来源:https://stackoverflow.com/questions/26179352/owin-cookies-vs-formsauthentication