Home/ Questions/Q 6017553
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-23T03:08:42+00:00

We are developing an MVC app using STS. We used the WIF tools to

  • 0

We are developing an MVC app using STS. We used the WIF tools to create a simple STS app for development.

I would like to be able to set a sliding expiration in my token (in the RP).

I see code like here.

Unfortunately, this is the event handler and the example, while helpful, doesn’t show how to implement the handler!

In my global.asax, Application_Start() I have:

sam = new SessionAuthenticationModule();
        sam.SessionSecurityTokenReceived += 
            new EventHandler<SessionSecurityTokenReceivedEventArgs>(sam_SessionSecurityTokenReceived);

(sam is defined with a class scope.)

I’m not sure if this is correct. I do not know how to verify if the event was ever called because of debugging issues in global.asax.

Is there a more complete example somewhere of how to trap this event? Am I going about it the right way?

TIA! I appreciate the help!
Rich

Edit – well, I know that the event is not getting called because I put divide by zero code in the handler and the app did not throw an exception. I logged in thru my STS, so any token recieved event should have been fired.

Any help on how to do this would be greatly appreciated. thanks!

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Since WIF only allows fixed length sessions, it requires reissuing the security token at which point you can set when the token IsValidTo property of the token to whatever you require.

    Put this in your global.asax file:

    protected void SessionAuthenticationModule_SessionSecurityTokenReceived(object sender, SessionSecurityTokenReceivedEventArgs e)
{
    var sessionToken = e.SessionToken;
    SymmetricSecurityKey symmetricSecurityKey = null;

    if (sessionToken.SecurityKeys != null)
        symmetricSecurityKey = sessionToken.SecurityKeys.OfType<SymmetricSecurityKey>().FirstOrDefault();

    Condition.Requires(symmetricSecurityKey, "symmetricSecurityKey").IsNotNull();

    if (sessionToken.ValidTo > DateTime.UtcNow)
    {
        var slidingExpiration = sessionToken.ValidTo - sessionToken.ValidFrom;

        e.SessionToken = new SessionSecurityToken(
                    sessionToken.ClaimsPrincipal,
                    sessionToken.ContextId,
                    sessionToken.Context,
                    sessionToken.EndpointId,
                    slidingExpiration,
                    symmetricSecurityKey);

        e.ReissueCookie = true;
    }
    else
    {
        var sessionAuthenticationModule = (SessionAuthenticationModule) sender;

        sessionAuthenticationModule.DeleteSessionTokenCookie();

        e.Cancel = true;
    }
}

    Source: http://blogs.planbsoftware.co.nz/?p=5211

    • 0