Alexander

Reputation: 1061

Managing Permissions with Azure AD B2C

I want to use Azure Active Directory B2C in my application. I will have a lot of permissions; for example, a certain user is allowed to read a table, write to the table, etc. This could be hundreds of permissions, if not thousands, if the application gets bigger. Should I use claims for this, or would it be better to store this in a database?

Is there a limit on the number of claims? Are there downsides to using too many claims (like Kerberos token bloat in on-premises Active Directory)?

Upvotes: 4

Views: 670

Answers (1)

Saca

Reputation: 10656

Yes, there is a limit to the number of claims you can send. Claims are sent in the token, which is included in the request header. Both browsers and web servers have a max header size.

Also, since you need to include the token in every authenticated API call, you'd be bloating every request, adding unnecessary latency to your application.

Note: This is not specific to Azure AD B2C.

Upvotes: 4
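
An added example, not part of the answer above and not Azure AD B2C code: it measures how the `Authorization` header grows with a list-valued permissions claim, finds how many permissions fit under an assumed 8 KiB header limit, and shows the database-lookup alternative from the question. The claim name `permissions`, the permission names, the HS256 key and the in-memory store are constructed for illustration; B2C signs with RS256, whose signature is longer.

```python
import base64, hashlib, hmac, json

HEADER_LIMIT = 8 * 1024  # assumed per-header byte limit; check your own server/proxy

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def encode_part(obj: dict) -> str:
    return b64url(json.dumps(obj, separators=(",", ":")).encode())

def make_token(claims: dict, key: bytes = b"constructed-demo-key") -> str:
    """Compact JWT signed with HS256 (stand-in for the RS256 tokens B2C issues)."""
    signing_input = encode_part({"alg": "HS256", "typ": "JWT"}) + "." + encode_part(claims)
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)

def auth_header_size(permission_count: int) -> int:
    """Bytes of the Authorization header when every permission is a claim value."""
    perms = [f"table{i:04d}.read" for i in range(permission_count)]  # constructed names
    token = make_token({"sub": "user-123", "permissions": perms})
    return len(f"Authorization: Bearer {token}")

def max_permissions_within(limit: int = HEADER_LIMIT) -> int:
    """Largest permission count whose header still fits under the limit."""
    lo, hi = 0, 1
    while auth_header_size(hi) <= limit:   # grow until the header no longer fits
        hi *= 2
    while hi - lo > 1:                     # binary search; size grows with count
        mid = (lo + hi) // 2
        if auth_header_size(mid) <= limit:
            lo = mid
        else:
            hi = mid
    return lo

# Alternative from the question: the token only identifies the user and the API
# resolves permissions server-side, so the header size stays constant.
PERMISSION_DB = {"user-123": {"table0001.read", "table0001.write"}}  # constructed store

def is_allowed(claims: dict, permission: str) -> bool:
    return permission in PERMISSION_DB.get(claims["sub"], set())

if __name__ == "__main__":
    print("permissions that fit in one header:", max_permissions_within())
    print("header bytes with no permission claims:", auth_header_size(0))
```

With these short constructed names the limit is reached at a few hundred permissions, before counting the other claims a real token carries.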
