Token cache serialization

For web apps that call web APIs and web APIs that call downstream APIs, the library provides several token cache serialization methods:

Extension method	Microsoft.Identity.Web sub namespace	Description
AddInMemoryTokenCaches	TokenCacheProviders.InMemory	This implementation is great in samples. It's also good for production applications provided you don't mind if the token cache is lost when the web app is restarted. AddInMemoryTokenCaches takes an optional parameter of type MsalMemoryTokenCacheOptions that enables you to specify the duration after which the cache entry will expire unless it's used.
AddSessionTokenCaches	TokenCacheProviders.Session	This token cache is bound to the user session. This option isn't ideal if the ID token is too large because it contains too many claims as the cookie would be too large.
AddDistributedTokenCaches	TokenCacheProviders.Distributed	This token cache is for the ASP.NET Core IDistributedCache implementation, therefore enabling you to choose between a distributed memory cache, a Redis cache, a distributed NCache, Azure Cosmos DB or a SQL Server cache. For details about the IDistributedCache implementations, see Distributed Memory Cache documentation.

In-memory token cache

To use the in-memory token cache, update Startup.cs:

• add using Microsoft.Identity.Web.TokenCacheProviders.InMemory;
• in the ConfigureServices(IServiceCollection services) method:
  • add the services.AddInMemoryTokenCaches(); after .EnableTokenAcquisitionToCallDownstreamApi();

Distributed token cache

Examples of possible distributed caches:

// or use a distributed Token Cache by adding
    services.AddMicrosoftIdentityWebAppAuthentication(Configuration);
            .EnableTokenAcquisitionToCallDownstreamApi(new string[] { scopesToRequest })
               .AddDistributedTokenCaches();

// and then choose your implementation

// For instance the distributed in memory cache (not cleared when you stop the app)
services.AddDistributedMemoryCache()

// Or a Redis cache
services.AddStackExchangeRedisCache(options =>
{
 options.Configuration = "localhost";
 options.InstanceName = "SampleInstance";
});

// Or a Cosmos DB cache
services.AddCosmosCache((CosmosCacheOptions cacheOptions) =>
{
    cacheOptions.ContainerName = Configuration["CosmosCacheContainer"];
    cacheOptions.DatabaseName = Configuration["CosmosCacheDatabase"];
    cacheOptions.ClientBuilder = new CosmosClientBuilder(Configuration["CosmosConnectionString"]);
    cacheOptions.CreateIfNotExists = true;
});

// Or even a SQL Server token cache
services.AddDistributedSqlServerCache(options =>
{
 options.ConnectionString = _config["DistCache_ConnectionString"];
 options.SchemaName = "dbo";
 options.TableName = "TestCache";
});

Session token cache

To use the session token cache, update Startup.cs:

• add using Microsoft.Identity.Web.TokenCacheProviders.Session;
• in the ConfigureServices(IServiceCollection services) method:
  • add the services.AddSessionTokenCaches(); after .EnableTokenAcquisitionToCallDownstreamApi();
• in the Configure(IApplicationBuilder app, IWebHostEnvironment env)
  • add app.UseSession(); before app.UseAuthentication();

Note: Because session token caches are added with scoped lifetime, they should not be used when TokenAcquisition is also used as a singleton (for example, when using Microsoft Graph SDK).

Managing the expiry

To manage the expiry, you can change the propeorties of the MsalDistributedTokenCacheAdapterOptions. For instance

In appsettings.json you could add a new section

  "RedisOptions": {
    "AbsoluteExpirationRelativeToNow":  "72:00:00"
  }

Which is then referenced in the startup.cs file:

services.Configure<MsalDistributedTokenCacheAdapterOptions>(Configuration.GetSection("RedisOptions"));