如何设置在使用STS（WIF）进行验证我的MVC应用程序滑动过期 [英] How to Set Sliding Expiration in my MVC app that uses STS (WIF) for authentication

问题描述

我们正在开发使用STS的MVC应用程序。我们使用WIF工具，为发展创造一个简单的STS应用程序。

We are developing an MVC app using STS. We used the WIF tools to create a simple STS app for development.

我希望能够设置在我的令牌滑动到期（在RP）。

I would like to be able to set a sliding expiration in my token (in the RP).

我看到代码的喜欢这里。

不幸的是，这是事件处理程序和例子，而乐于助人，不显示怎么样！实现处理器

Unfortunately, this is the event handler and the example, while helpful, doesn't show how to implement the handler!

在我的Global.asax，的Application_Start（）我有：

In my global.asax, Application_Start() I have:

sam = new SessionAuthenticationModule();
        sam.SessionSecurityTokenReceived += 
            new EventHandler<SessionSecurityTokenReceivedEventArgs>(sam_SessionSecurityTokenReceived);

（SAM是指一类范围。）

(sam is defined with a class scope.)

我不知道这是否是正确的。我不知道如何验证，如果该事件被称为有史以来因为在Global.asax中的调试问题。

I'm not sure if this is correct. I do not know how to verify if the event was ever called because of debugging issues in global.asax.

有没有更完整的例子某处如何捕获这个活动？我要对正确的方式？

Is there a more complete example somewhere of how to trap this event? Am I going about it the right way?

TIA！我感谢帮助！
富

TIA! I appreciate the help! Rich

编辑 - 嗯，我知道该事件是没有得到所谓的，因为我在处理程序把除以零代码和应用程​​序没有抛出例外。我登录通过我的STS，所以任何标记收到的事件应该被解雇了。

Edit - well, I know that the event is not getting called because I put divide by zero code in the handler and the app did not throw an exception. I logged in thru my STS, so any token recieved event should have been fired.

这是如何做到这一点任何帮助将不胜感激。谢谢！

Any help on how to do this would be greatly appreciated. thanks!

推荐答案

由于WIF只允许固定长度的会议，它要求补发安全令牌此时您可以设置当令牌。在Global.asax文件IsValidTo到任何您需要的令牌属性。

Since WIF only allows fixed length sessions, it requires reissuing the security token at which point you can set when the token IsValidTo property of the token to whatever you require.

将这个：

protected void SessionAuthenticationModule_SessionSecurityTokenReceived(object sender, SessionSecurityTokenReceivedEventArgs e)
{
    var sessionToken = e.SessionToken;
    SymmetricSecurityKey symmetricSecurityKey = null;

    if (sessionToken.SecurityKeys != null)
        symmetricSecurityKey = sessionToken.SecurityKeys.OfType<SymmetricSecurityKey>().FirstOrDefault();

    Condition.Requires(symmetricSecurityKey, "symmetricSecurityKey").IsNotNull();

    if (sessionToken.ValidTo > DateTime.UtcNow)
    {
        var slidingExpiration = sessionToken.ValidTo - sessionToken.ValidFrom;

        e.SessionToken = new SessionSecurityToken(
                    sessionToken.ClaimsPrincipal,
                    sessionToken.ContextId,
                    sessionToken.Context,
                    sessionToken.EndpointId,
                    slidingExpiration,
                    symmetricSecurityKey);

        e.ReissueCookie = true;
    }
    else
    {
        var sessionAuthenticationModule = (SessionAuthenticationModule) sender;

        sessionAuthenticationModule.DeleteSessionTokenCookie();

        e.Cancel = true;
    }
}

来源：的http://blogs.planbsoftware.co.nz/?p=521 的 1

这篇关于如何设置在使用STS（WIF）进行验证我的MVC应用程序滑动过期的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！