How to Set Sliding Expiration in my MVC app that u

Published 2019-03-30 17:49

We are developing an MVC app using STS. We used the WIF tools to create a simple STS app for development.

I would like to be able to set a sliding expiration in my token (in the RP).

I see code like here.

Unfortunately, this is the event handler and the example, while helpful, doesn't show how to implement the handler!

In my global.asax, Application_Start() I have:

sam = new SessionAuthenticationModule();
sam.SessionSecurityTokenReceived +=
    new EventHandler<SessionSecurityTokenReceivedEventArgs>(sam_SessionSecurityTokenReceived);

(sam is defined with a class scope.)

I'm not sure if this is correct. I do not know how to verify if the event was ever called because of debugging issues in global.asax.

Is there a more complete example somewhere of how to trap this event? Am I going about it the right way?

TIA! I appreciate the help! Rich

Edit - well, I know that the event is not getting called because I put divide-by-zero code in the handler and the app did not throw an exception. I logged in through my STS, so any token-received event should have been fired.

Any help on how to do this would be greatly appreciated. thanks!

2 answers

骚年 ilove
Answer #2 · 2019-03-30 18:03

Since WIF only allows fixed-length sessions, it requires reissuing the security token, at which point you can set the token's IsValidTo property to whatever you require.

Put this in your global.asax file:

using System;
using System.IdentityModel.Services;
using System.IdentityModel.Tokens;
using System.Linq;

// Handler for the SessionAuthenticationModule's SessionSecurityTokenReceived event in global.asax.
protected void SessionAuthenticationModule_SessionSecurityTokenReceived(object sender, SessionSecurityTokenReceivedEventArgs e)
{
    var sessionToken = e.SessionToken;
    SymmetricSecurityKey symmetricSecurityKey = null;

    // The session token carries the symmetric key that protects the cookie; reuse it for the reissued token.
    if (sessionToken.SecurityKeys != null)
        symmetricSecurityKey = sessionToken.SecurityKeys.OfType<SymmetricSecurityKey>().FirstOrDefault();

    // The original used Condition.Requires(...) from the CuttingEdge.Conditions package;
    // a plain check does the same job without the extra dependency.
    if (symmetricSecurityKey == null)
        throw new InvalidOperationException("symmetricSecurityKey must not be null");

    if (sessionToken.ValidTo > DateTime.UtcNow)
    {
        // Keep the lifetime the token was originally issued with, now measured from the current request.
        var slidingExpiration = sessionToken.ValidTo - sessionToken.ValidFrom;

        e.SessionToken = new SessionSecurityToken(
                    sessionToken.ClaimsPrincipal,
                    sessionToken.ContextId,
                    sessionToken.Context,
                    sessionToken.EndpointId,
                    slidingExpiration,
                    symmetricSecurityKey);

        // Ask the module to write the renewed token back into the session cookie.
        e.ReissueCookie = true;
    }
    else
    {
        // Token already expired: drop the cookie and let the request continue unauthenticated.
        var sessionAuthenticationModule = (SessionAuthenticationModule) sender;

        sessionAuthenticationModule.DeleteSessionTokenCookie();

        e.Cancel = true;
    }
}

Source: http://blogs.planbsoftware.co.nz/?p=5211

The star
Answer #3 · 2019-03-30 18:08

While the answer by bmeredith looks perfectly valid, one thing sticks out.

It looks like the token is renewed upon every request, and cryptographic operations usually aren't cheap. I found a similar but slightly different approach that only renews the token when ½ the session has passed.

Also I like the use of the SessionAuthenticationModule for creating the token, so we don't have to mess around with keys.

http://www.cloudidentity.com/blog/2013/05/08/sliding-sessions-for-wif-4-5/

using System;
using System.IdentityModel.Services;
using System.IdentityModel.Tokens;

// Named ModuleName_EventName so ASP.NET wires it to the pipeline's SessionAuthenticationModule from global.asax.
void SessionAuthenticationModule_SessionSecurityTokenReceived(object sender, SessionSecurityTokenReceivedEventArgs e)
{
    DateTime now = DateTime.UtcNow;
    SessionSecurityToken sst = e.SessionToken;
    DateTime validFrom = sst.ValidFrom;
    DateTime validTo = sst.ValidTo;

    // Renew only once more than half of the token's lifetime has elapsed.
    // (The original compared the .Minute components of the two timestamps, which breaks
    // across an hour boundary and for any lifetime longer than an hour.)
    TimeSpan lifetime = validTo - validFrom;
    DateTime halfway = validFrom.Add(TimeSpan.FromTicks(lifetime.Ticks / 2));

    if (now < validTo && now > halfway)
    {
        SessionAuthenticationModule sam = sender as SessionAuthenticationModule;

        // Let the module build the token so the signing and encryption keys are handled for us.
        // The blog sample uses a two-minute window for demonstration; use the RP's real lifetime in production.
        e.SessionToken = sam.CreateSessionSecurityToken(sst.ClaimsPrincipal,
                                                        sst.Context,
                                                        now,
                                                        now.AddMinutes(2),
                                                        sst.IsPersistent);
        e.ReissueCookie = true;
    }
}
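Both answers above slide the window but never bound it: as long as a client keeps presenting the cookie, the session is renewed indefinitely, so a stolen session cookie never expires on its own. The following is an added example (not code from either answer, the question, or the linked blogs) of a global.asax pair of handlers for WIF 4.5 that keeps the renew-after-half-the-window behaviour and adds an absolute cap. Because every reissue resets ValidFrom and ValidTo, the hard deadline is carried in a claim; the claim type `urn:example:session-absolute-expiry`, the 20-minute window and the 8-hour cap are assumptions chosen for the example. The handlers rely on ASP.NET wiring a global.asax method named `ModuleName_EventName` to the module instance that is actually in the pipeline, which is also why a handler attached to a freshly constructed `new SessionAuthenticationModule()` in Application_Start, as in the question, never fires.

```csharp
using System;
using System.Globalization;
using System.IdentityModel.Services;
using System.IdentityModel.Tokens;
using System.Security.Claims;

public partial class MvcApplication : System.Web.HttpApplication
{
    // Assumed values for this example; a real RP would read them from configuration.
    private static readonly TimeSpan SlidingWindow   = TimeSpan.FromMinutes(20);
    private static readonly TimeSpan AbsoluteMaximum = TimeSpan.FromHours(8);

    // Hypothetical claim type that carries the hard deadline across renewals,
    // since each reissued token gets a fresh ValidFrom/ValidTo.
    private const string AbsoluteExpiryClaim = "urn:example:session-absolute-expiry";

    // Fires once, when WS-Federation turns the STS response into a session token.
    void WSFederationAuthenticationModule_SessionSecurityTokenCreated(object sender, SessionSecurityTokenCreatedEventArgs e)
    {
        SessionSecurityToken token = e.SessionToken;
        ClaimsPrincipal principal = token.ClaimsPrincipal;
        var identity = (ClaimsIdentity)principal.Identity;

        if (!identity.HasClaim(c => c.Type == AbsoluteExpiryClaim))
        {
            DateTime hardDeadline = DateTime.UtcNow.Add(AbsoluteMaximum);
            identity.AddClaim(new Claim(AbsoluteExpiryClaim,
                hardDeadline.ToString("o", CultureInfo.InvariantCulture)));
        }

        // Rebuild the token so the stamped principal is what gets serialized into the cookie,
        // and start with one sliding window rather than the configured fixed lifetime.
        DateTime now = DateTime.UtcNow;
        e.SessionToken = FederatedAuthentication.SessionAuthenticationModule.CreateSessionSecurityToken(
            principal, token.Context, now, now.Add(SlidingWindow), token.IsPersistent);
    }

    // Fires on every request that carries a session cookie.
    void SessionAuthenticationModule_SessionSecurityTokenReceived(object sender, SessionSecurityTokenReceivedEventArgs e)
    {
        var sam = (SessionAuthenticationModule)sender;
        SessionSecurityToken token = e.SessionToken;
        DateTime now = DateTime.UtcNow;
        DateTime hardDeadline = ReadAbsoluteExpiry(token.ClaimsPrincipal);

        if (now >= token.ValidTo || now >= hardDeadline)
        {
            // Window expired or absolute cap reached: remove the cookie and
            // treat the request as unauthenticated (Cancel stops the module from setting the principal).
            sam.DeleteSessionTokenCookie();
            e.Cancel = true;
            return;
        }

        // Renew only after more than half of the current window has elapsed,
        // so the cookie is not re-signed on every request.
        TimeSpan lifetime = token.ValidTo - token.ValidFrom;
        DateTime halfway = token.ValidFrom.Add(TimeSpan.FromTicks(lifetime.Ticks / 2));
        if (now <= halfway)
            return;

        // Slide the window, but never past the hard deadline.
        DateTime newValidTo = now.Add(SlidingWindow);
        if (newValidTo > hardDeadline)
            newValidTo = hardDeadline;

        e.SessionToken = sam.CreateSessionSecurityToken(
            token.ClaimsPrincipal, token.Context, now, newValidTo, token.IsPersistent);
        e.ReissueCookie = true;
    }

    private static DateTime ReadAbsoluteExpiry(ClaimsPrincipal principal)
    {
        Claim claim = principal.FindFirst(AbsoluteExpiryClaim);
        DateTime value;
        if (claim != null && DateTime.TryParseExact(claim.Value, "o", CultureInfo.InvariantCulture,
                                                    DateTimeStyles.RoundtripKind, out value))
        {
            return value.ToUniversalTime();
        }

        // A session without the stamp was not issued by this code path: fail closed
        // rather than letting it slide without bound.
        return DateTime.MinValue;
    }
}
```

Two design points worth noting: the expiry check runs before the renewal check, so a token past its cap is rejected even if it is inside its current window; and the final window is truncated to the deadline instead of skipped, so the user is logged out exactly at the cap rather than up to one full window later.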