Question

Building an ASP.NET MVC app with ASP.NET Identity with claim-based authorization, wondering what should happen when a claim is expired.

e.g. In my claims, I stored a person's claim as claimtype = "Capability", claimvalue = "driver".

If this person's driver license is expired or withdrawn, then the person should not have a claim of "driver".

In my system, normally nothing is deleted. So I would like to mark this claim as InActive (Boolean). However, the table ASP.NET Identity provisioned doesn't have this column. So what should I do in this case?

Thanks.

Solution

The claims issued in the cookie are a snapshot of the claims at login time. If they change then you'd need to detect this on every request into the app and issue a new cookie. There's an event on the cookie authentication middleware provider called OnValidateIdentity where you can do this.
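
One way to wire up the check described in the answer, as an added example that is not code from the original answer. It assumes the default project template's `ApplicationUserManager` registered per OWIN context, the `"Capability"` claim type from the question, and a claim store that no longer returns a capability once it has expired or been marked inactive.

```csharp
using System.Collections.Generic;
using System.Linq;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Owin;

public partial class Startup
{
    // Claim type taken from the question; class names below are the template defaults (assumed).
    private const string CapabilityClaimType = "Capability";

    public void ConfigureAuth(IAppBuilder app)
    {
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Account/Login"),
            Provider = new CookieAuthenticationProvider
            {
                // Called for each request that presents the authentication cookie.
                OnValidateIdentity = async context =>
                {
                    var manager = context.OwinContext.GetUserManager<ApplicationUserManager>();
                    var userId = context.Identity.GetUserId();
                    var user = userId == null ? null : await manager.FindByIdAsync(userId);
                    if (user == null)
                    {
                        context.RejectIdentity(); // account no longer exists: ignore the cookie
                        return;
                    }
                    // Capabilities as issued at login versus what the store holds now.
                    var inCookie = context.Identity.FindAll(CapabilityClaimType).Select(c => c.Value);
                    var inStore = (await manager.GetClaimsAsync(userId))
                        .Where(c => c.Type == CapabilityClaimType).Select(c => c.Value);
                    if (!new HashSet<string>(inCookie).SetEquals(inStore))
                    {
                        // Snapshot is stale: rebuild the identity and issue a new cookie.
                        var fresh = await manager.CreateIdentityAsync(user, DefaultAuthenticationTypes.ApplicationCookie);
                        context.ReplaceIdentity(fresh); // current request sees the fresh claims
                        context.OwinContext.Authentication.SignIn(context.Properties, fresh);
                    }
                }
            }
        });
    }
}
```

This performs a store lookup on every authenticated request. `SecurityStampValidator.OnValidateIdentity` with a `validateInterval` is the built-in alternative that regenerates the identity only after an interval has elapsed.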

License: CC-BY-SA with attribution
Not affiliated with StackOverflow