Identity Security Token Identity Point Identity v2

I am currently using Identity for the login system, but the session token it generates has a fixed expiration of 10 hours. The specification for my system requires the session to expire if the user is idle for 20 minutes. I cannot find anything in the source code that suggests sliding session state.

I looked into this problem, and the only solution is to create a new session from the SessionAuthenticationModule every time the SessionAuthenticationModule_SessionSecurityTokenReceived event is raised in global.asax.

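        // Inside the SessionSecurityTokenReceived handler in global.asax.
        var now = DateTime.UtcNow;
        var validFrom = e.SessionToken.ValidFrom;
        var validTo = e.SessionToken.ValidTo;
        // Half of the token's lifetime, in minutes.
        var halfSpan = (validTo - validFrom).TotalMinutes / 2;

        // Reissue only once the token is past its halfway point and not yet expired.
        if (validFrom.AddMinutes(halfSpan) < now && now < validTo)
        {
            var sam = sender as SessionAuthenticationModule;

            e.SessionToken = sam.CreateSessionSecurityToken(
                e.SessionToken.ClaimsPrincipal,
                e.SessionToken.Context,
                now,
                now.AddMinutes(5),
                e.SessionToken.IsPersistent);
            e.ReissueCookie = true;
        }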

      

Is there a better alternative to this method?

+3




1 answer


Brock Allen, a Thinktecture member, suggests re-issuing the token if the session is still valid but more than halfway to expiring:

void SessionAuthenticationModule_SessionSecurityTokenReceived(object sender, SessionSecurityTokenReceivedEventArgs e)
{
    SessionAuthenticationModule sam = FederatedAuthentication.SessionAuthenticationModule;

    var token = e.SessionToken;
    var duration = token.ValidTo.Subtract(token.ValidFrom);
    if (duration <= TimeSpan.Zero) return;

    var diff = token.ValidTo.Add(sam.FederationConfiguration.IdentityConfiguration.MaxClockSkew).Subtract(DateTime.UtcNow);
    if (diff <= TimeSpan.Zero) return;

    var halfWay = duration.TotalMinutes / 2;
    var timeLeft = diff.TotalMinutes;
    if (timeLeft <= halfWay)
    {
        e.ReissueCookie = true;
        e.SessionToken =
            new SessionSecurityToken(
                token.ClaimsPrincipal,
                token.Context,
                DateTime.UtcNow,
                DateTime.UtcNow.Add(duration))
            {
                IsPersistent = token.IsPersistent,
                IsReferenceMode = token.IsReferenceMode
            };
    }
}

      

If you agree with this approach, you don't need to write it yourself; you can call it from global.asax:



public override void Init()
{
    PassiveModuleConfiguration.EnableSlidingSessionExpirations();
}

      

Source: http://brockallen.com/2013/02/17/sliding-sessions-in-wif-with-the-session-authentication-module-sam-and-thinktecture-identitymodel/

See also "Updating BootStrapContext with new SessionSecurityToken when using Sliding Sessions in WIF with SAM and Thinktecture IdentityModel" for an issue with this: the BootStrapToken serialized into the current claims identity remains the old one.

+1
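
Added example, not part of the answer above or of Thinktecture IdentityModel: with the halfway rule the effective idle window floats between roughly half and the full token lifetime, and a sliding session on its own can be renewed indefinitely. This handler variant instead pins expiry to 20 minutes after the latest request and caps total session age. The claim type `urn:example:session-start`, the 10-hour cap and the one-minute granularity are assumptions, as is the premise that the initially issued token does not outlive the cap.

```csharp
using System;
using System.Globalization;
using System.IdentityModel.Services;
using System.IdentityModel.Tokens;
using System.Security.Claims;

public class Global : System.Web.HttpApplication
{
    // Assumed policy values and claim type; none of them come from the page.
    static readonly TimeSpan IdleTimeout = TimeSpan.FromMinutes(20);
    static readonly TimeSpan AbsoluteLifetime = TimeSpan.FromHours(10);
    static readonly TimeSpan Granularity = TimeSpan.FromMinutes(1);
    const string SessionStartClaim = "urn:example:session-start"; // hypothetical

    void SessionAuthenticationModule_SessionSecurityTokenReceived(
        object sender, SessionSecurityTokenReceivedEventArgs e)
    {
        var token = e.SessionToken;
        var now = DateTime.UtcNow;
        if (now >= token.ValidTo) return; // already expired: never revive it

        // Remember when the session began so reissued tokens keep the same start.
        var identity = (ClaimsIdentity)token.ClaimsPrincipal.Identity;
        var startClaim = identity.FindFirst(SessionStartClaim);
        if (startClaim == null)
        {
            startClaim = new Claim(SessionStartClaim,
                token.ValidFrom.ToString("o", CultureInfo.InvariantCulture));
            identity.AddClaim(startClaim);
        }
        var hardStop = DateTime.Parse(startClaim.Value, CultureInfo.InvariantCulture,
            DateTimeStyles.RoundtripKind).Add(AbsoluteLifetime);

        // Idle deadline restarts on every request but never passes the hard stop.
        var newValidTo = now.Add(IdleTimeout);
        if (newValidTo > hardStop) newValidTo = hardStop;

        // Skip the cookie write if the cap has passed or the deadline barely moves.
        if (newValidTo <= now || (newValidTo - token.ValidTo).Duration() < Granularity) return;

        e.SessionToken = new SessionSecurityToken(
            token.ClaimsPrincipal, token.Context, now, newValidTo)
        {
            IsPersistent = token.IsPersistent,
            IsReferenceMode = token.IsReferenceMode
        };
        e.ReissueCookie = true;
    }
}
```

Because the comparison uses the absolute difference, the first request after sign-in also shortens a long-lived initial token (such as the 10-hour one in the question) down to the 20-minute idle deadline.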

