
How to Set Sliding Expiration in my MVC app that uses STS (WIF) for authentication

We are developing an MVC app using STS. We used the WIF tools to create a simple STS app for development.

I would like to be able to set a sliding expiration in my token (in the RP).

I see code like here.

Unfortunately, this is the event handler and the example, while helpful, doesn't show how to implement the handler!

In my global.asax, Application_Start() I have:

sam = new SessionAuthenticationModule();
sam.SessionSecurityTokenReceived +=
    new EventHandler<SessionSecurityTokenReceivedEventArgs>(sam_SessionSecurityTokenReceived);

(sam is defined with a class scope.)

I'm not sure if this is correct. I do not know how to verify if the event was ever called because of debugging issues in global.asax.

Is there a more complete example somewhere of how to trap this event? Am I going about it the right way?

TIA! I appreciate the help! Rich

Edit - well, I know that the event is not getting called because I put divide by zero code in the handler and the app did not throw an exception. I logged in through my STS, so any token received event should have been fired.

Any help on how to do this would be greatly appreciated. Thanks!

richb01 asked Jan 20 '23 21:01


1 Answer

Since WIF only allows fixed-length sessions, it requires reissuing the security token, at which point you can set the IsValidTo property of the token to whatever you require.

Put this in your global.asax file:

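// Namespaces used below, assuming the WIF 3.5 Microsoft.IdentityModel assembly:
//   System.Linq, System.IdentityModel.Tokens,
//   Microsoft.IdentityModel.Tokens, Microsoft.IdentityModel.Web
// Condition.Requires(...) is a guard helper from a separate library (assumed to be
// CuttingEdge.Conditions); a plain null check that throws does the same job.
protected void SessionAuthenticationModule_SessionSecurityTokenReceived(object sender, SessionSecurityTokenReceivedEventArgs e)
{
    var sessionToken = e.SessionToken;
    SymmetricSecurityKey symmetricSecurityKey = null;

    // Reuse the key of the incoming session token for the reissued one.
    if (sessionToken.SecurityKeys != null)
        symmetricSecurityKey = sessionToken.SecurityKeys.OfType<SymmetricSecurityKey>().FirstOrDefault();

    Condition.Requires(symmetricSecurityKey, "symmetricSecurityKey").IsNotNull();

    if (sessionToken.ValidTo > DateTime.UtcNow)
    {
        // Token still valid: issue a new one with the same lifetime, starting now.
        var slidingExpiration = sessionToken.ValidTo - sessionToken.ValidFrom;

        e.SessionToken = new SessionSecurityToken(
            sessionToken.ClaimsPrincipal,
            sessionToken.ContextId,
            sessionToken.Context,
            sessionToken.EndpointId,
            slidingExpiration,
            symmetricSecurityKey);

        // Write the new token back to the browser.
        e.ReissueCookie = true;
    }
    else
    {
        // Token expired: drop the cookie and stop processing this token.
        var sessionAuthenticationModule = (SessionAuthenticationModule) sender;

        sessionAuthenticationModule.DeleteSessionTokenCookie();

        e.Cancel = true;
    }
}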

Source: http://blogs.planbsoftware.co.nz/?p=5211

bmeredith answered Jan 22 '23 11:01
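A sliding session that is renewed on every request never forces a fresh sign-in, so a copied cookie stays usable for as long as it keeps being presented. The following added example (not part of the original answer or of WIF) shows a renewal policy that reissues only in the second half of the window and stops at an absolute cap. It is written without WIF types so it runs stand-alone; the names SlidingSessionPolicy, SessionAction, sessionStart and maxSession are hypothetical, and storing the original sign-in time (for instance as a claim) is an assumption.

```csharp
using System;

// Added example: all names are hypothetical, sample values are constructed.
public enum SessionAction { Reject, Keep, Reissue }

public static class SlidingSessionPolicy
{
    // validFrom/validTo: window of the token that arrived with the request.
    // sessionStart: original sign-in time (assumed to be kept with the session).
    // maxSession: absolute cap after which the user must sign in again.
    public static SessionAction Decide(DateTime validFrom, DateTime validTo,
        DateTime sessionStart, TimeSpan maxSession, DateTime now, out DateTime newValidTo)
    {
        newValidTo = validTo;
        DateTime hardStop = sessionStart + maxSession;

        // Expired token, or session older than the cap: no renewal.
        if (now >= validTo || now >= hardStop)
            return SessionAction.Reject;

        // First half of the window: keep the existing cookie untouched.
        TimeSpan window = validTo - validFrom;
        if (now < validFrom + TimeSpan.FromTicks(window.Ticks / 2))
            return SessionAction.Keep;

        // Second half: slide the window, but never past the absolute cap.
        DateTime slid = now + window;
        newValidTo = slid < hardStop ? slid : hardStop;
        return SessionAction.Reissue;
    }
}

public static class Program
{
    static void Show(DateTime from, DateTime to, DateTime start, TimeSpan cap, DateTime now)
    {
        DateTime newTo;
        SessionAction action = SlidingSessionPolicy.Decide(from, to, start, cap, now, out newTo);
        Console.WriteLine("{0:u}: {1}, valid to {2:u}", now, action, newTo);
    }

    public static void Main()
    {
        // Constructed sample: sign-in at 09:00 UTC, 20-minute window, 8-hour cap.
        DateTime start = new DateTime(2023, 1, 20, 9, 0, 0, DateTimeKind.Utc);
        TimeSpan cap = TimeSpan.FromHours(8);
        Show(start, start.AddMinutes(20), start, cap, start.AddMinutes(5));   // early in window
        Show(start, start.AddMinutes(20), start, cap, start.AddMinutes(15));  // late in window
        Show(start.AddHours(7.75), start.AddHours(8.1), start, cap, start.AddHours(7.95)); // near cap
        Show(start.AddHours(7.9), start.AddHours(8), start, cap, start.AddHours(8.01));    // past cap
    }
}
```

In the handler above, Reissue corresponds to assigning a new e.SessionToken and setting e.ReissueCookie = true, Reject corresponds to the else branch (DeleteSessionTokenCookie and e.Cancel = true), and Keep means leaving the event arguments unchanged.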