
Caching in Microsoft.IdentityModel

Maria Furman edited this page Mar 11, 2021 · 6 revisions

When signing and verifying tokens, we create SignatureProviders using the CryptoProviderFactory. By default, these SignatureProviders are cached using a key composed of security key type, security key internal ID, algorithm, and type of SignatureProvider. If a SignatureProvider with the same key already exists, it is NOT replaced and a new one is NOT added.

Before version 6.8.1, a plain ConcurrentDictionary was used to cache signature providers. The cache therefore had no size limit and no eviction policy, so it could grow without bound.

In version 6.8.1, the cache was given a size limit and now automatically evicts entries once it reaches 95% of its maximum capacity. On the netstandard2.0 target, Microsoft.Extensions.Caching.Memory.MemoryCache is used to achieve this. On the net45, net461, and net472 desktop targets, we use our own implementation of a simple LRU cache. The size limit of this cache can be changed by setting SizeLimit on the CryptoProviderCacheOptions.
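The following is an added example, not code from this wiki or from the library itself, showing how an application bounds the SignatureProvider cache with CryptoProviderCacheOptions.SizeLimit, wires it into a CryptoProviderFactory, and observes the reuse behaviour described above. The 100-entry limit, the key bytes and the key id are constructed demo values.

```csharp
using System;
using System.Text;
using Microsoft.IdentityModel.Tokens;

class CacheDemo
{
    static void Main()
    {
        // Bound the SignatureProvider cache explicitly instead of relying on the default SizeLimit.
        // (100 is an assumed demo value; the library validates the value it is given.)
        var cacheOptions = new CryptoProviderCacheOptions { SizeLimit = 100 };
        var factory = new CryptoProviderFactory(new InMemoryCryptoProviderCache(cacheOptions));

        // Constructed 256-bit demo key; a real application loads this from a secret store.
        var keyBytes = new byte[32];
        for (int i = 0; i < keyBytes.Length; i++) keyBytes[i] = (byte)(i + 1);
        var key = new SymmetricSecurityKey(keyBytes) { KeyId = "demo-key-1" };
        // Route this key's crypto operations through the bounded factory.
        key.CryptoProviderFactory = factory;

        byte[] data = Encoding.UTF8.GetBytes("header.payload");

        // First call creates and caches a provider; the second call uses the same
        // (key type, key internal id, algorithm, provider type) and is served from the cache.
        var signer1 = factory.CreateForSigning(key, SecurityAlgorithms.HmacSha256);
        var signer2 = factory.CreateForSigning(key, SecurityAlgorithms.HmacSha256);
        Console.WriteLine($"Same cached signer instance: {ReferenceEquals(signer1, signer2)}");

        byte[] signature = signer1.Sign(data);
        var verifier = factory.CreateForVerifying(key, SecurityAlgorithms.HmacSha256);
        Console.WriteLine($"Signature verifies: {verifier.Verify(data, signature)}");

        // Release rather than Dispose: cached providers are handed back to the factory,
        // which decides whether they stay alive for the next caller.
        factory.ReleaseSignatureProvider(signer1);
        factory.ReleaseSignatureProvider(signer2);
        factory.ReleaseSignatureProvider(verifier);

        // With caching switched off, every call constructs a fresh provider.
        factory.CacheSignatureProviders = false;
        var uncached = factory.CreateForSigning(key, SecurityAlgorithms.HmacSha256);
        Console.WriteLine($"Uncached call returned a new instance: {!ReferenceEquals(signer1, uncached)}");
        factory.ReleaseSignatureProvider(uncached);
    }
}
```

Keeping the limit proportional to the number of distinct (key, algorithm) pairs an application actually signs or verifies with avoids both unbounded growth and needless eviction churn.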
