WIF Security Token Caching

Question

I have a site that is a relying party to our WIF-based custom STS. We recently implemented a Security Token Cache as described here: Azure/web-farm ready SecurityTokenCache

Answer 1

This should be done if the number of claims in the token or the total size of the token is too big to be transfered back and forth in cookies. If that is not the case, then simplify your solution and just use the default setting that uses cookies. You shuold however, use certificate based cookie encryption, so it is still "farm friendly". By default WIF will enrcrypt using DPAPI that has machine affinity.