.NET 4.5 SessionAuthenticationModule - "validFrom" problem

Date: 2013-04-24 16:23:26

Tags: .net-4.5 wif acs

I am using SWT with Windows Azure ACS, and a custom SwtHandler in the relying party application to handle the incoming SWT token. When it re-creates the SWT token at the relying party, I get an error creating the SessionSecurityToken that relates to the value of the validFrom property.

I have tried the following values for ValidFrom, but none of them resolved the problem.

  1. DateTime SwtBaseTime = new DateTime(1970,1,1,0,0,0,0);
  2. DateTime.UtcNow
  3. DateTime.MinValue

Specified argument was out of the range of valid values. Parameter name: validFrom

    [ArgumentOutOfRangeException: Specified argument was out of the range of valid values. Parameter name: validFrom]
       System.IdentityModel.Tokens.SessionSecurityToken..ctor(ClaimsPrincipal claimPrincipal, UniqueId contextId, String id, String context, Byte[] key, String endpointId, Nullable`1 validFrom, Nullable`1 validTo, UniqueId keyGeneration, Nullable`1 keyExpirationTime, SctAuthorizationPolicy sctAuthorizationPolicy, Uri securityContextSecurityTokenWrapperSecureConversationVersion) +1009610
       System.IdentityModel.Tokens.SessionSecurityToken..ctor(ClaimsPrincipal claimPrincipal, UniqueId contextId, String context, String endpointId, Nullable`1 keyEffectiveTime, Nullable`1 validTo, SymmetricSecurityKey key) +317
       System.IdentityModel.Tokens.SessionSecurityTokenHandler.CreateSessionSecurityToken(ClaimsPrincipal principal, String context, String endpointId, DateTime validFrom, DateTime validTo) +306
       System.IdentityModel.Services.SessionAuthenticationModule.CreateSessionSecurityToken(ClaimsPrincipal principal, String context, DateTime validFrom, DateTime validTo, Boolean isPersistent) +313
       System.IdentityModel.Services.WSFederationAuthenticationModule.SignInWithResponseMessage(HttpRequestBase request) +1079
       System.IdentityModel.Services.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args) +123924
       System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +80
       System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +165

2 answers:

Answer 0 (score: 1)

I ran into a similar problem while trying to implement sliding expiration for the SessionAuthenticationModule, re-creating the session security token.

protected void SessionAuthenticationModule_SessionSecurityTokenReceived(object sender, SessionSecurityTokenReceivedEventArgs e)
{
    DateTime now = DateTime.UtcNow;
    DateTime validFrom = e.SessionToken.ValidFrom;
    DateTime validTo = e.SessionToken.ValidTo;
    TimeSpan sessionLifetime = validTo.Subtract(e.SessionToken.ValidFrom);

    bool sessionTimeHasExpired = now > validTo;
    bool sessionTimeIsHalfExpired = now > validFrom.AddMinutes(sessionLifetime.TotalMinutes / 2);

    // http://www.michael-mckenna.com/Blog/2013/2/the-problem-with-absolute-token-expiration-in-windows-identity-foundation-wif
    if (!sessionTimeHasExpired && sessionTimeIsHalfExpired)
    {
        // If the session has not expired but the session lifetime is already half spent, reissue the cookie. 
        e.SessionToken = (sender as SessionAuthenticationModule).CreateSessionSecurityToken(
            e.SessionToken.ClaimsPrincipal,
            e.SessionToken.Context,
            now,
            now.AddMinutes(sessionLifetime.TotalMinutes),
            e.SessionToken.IsPersistent);
        e.ReissueCookie = true;
    }
}

The CreateSessionSecurityToken method takes values for validFrom and validTo. If those two values are equal, it throws an ArgumentOutOfRange exception.

I hit this problem because I was originally using sessionLifetime.Minutes (which was 0) instead of sessionLifetime.TotalMinutes (which was 100).
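An added example, not code from the question or from either answer: a sliding-expiration handler for WIF 4.5 that keeps the reissue decision in a separate method, so it can be unit-tested without an HTTP pipeline, and never calls CreateSessionSecurityToken with validTo equal to or earlier than validFrom (the condition behind the ArgumentOutOfRangeException above). It also caps how long a session may keep sliding. The class and method names, MaxTotalLifetime, and the use of the authenticationinstant claim as the "first authenticated" time are assumptions.

```csharp
using System;
using System.Globalization;
using System.IdentityModel.Services;
using System.IdentityModel.Tokens;
using System.Security.Claims;

public static class SlidingSession
{
    // Assumed policy value (not from the page): a session may slide for at most this long after
    // the user first authenticated, so a captured cookie cannot be renewed indefinitely.
    public static readonly TimeSpan MaxTotalLifetime = TimeSpan.FromHours(8);

    // Pure decision logic: returns the new (validFrom, validTo) window, or null to leave the token alone.
    public static Tuple<DateTime, DateTime> ComputeReissueWindow(
        DateTime validFrom, DateTime validTo, DateTime now, DateTime firstAuthenticated)
    {
        TimeSpan lifetime = validTo - validFrom;      // whole TimeSpan, not the .Minutes component
        if (lifetime <= TimeSpan.Zero) return null;   // malformed token; nothing sensible to reissue
        if (now >= validTo) return null;              // already expired; let the module reject it
        DateTime halfway = validFrom + TimeSpan.FromTicks(lifetime.Ticks / 2);
        if (now < halfway) return null;               // less than half spent; no reissue needed yet
        DateTime newValidTo = now + lifetime;
        DateTime hardStop = firstAuthenticated + MaxTotalLifetime;
        if (newValidTo > hardStop) newValidTo = hardStop;
        if (newValidTo <= now) return null;           // validFrom >= validTo would throw ArgumentOutOfRangeException
        return Tuple.Create(now, newValidTo);
    }

    // Wire this to FederatedAuthentication.SessionAuthenticationModule.SessionSecurityTokenReceived in Global.asax.
    public static void OnSessionSecurityTokenReceived(object sender, SessionSecurityTokenReceivedEventArgs e)
    {
        var sam = (SessionAuthenticationModule)sender;
        SessionSecurityToken token = e.SessionToken;
        DateTime now = DateTime.UtcNow;
        // Assumption: the sign-in token carried an authenticationinstant claim; when it is absent,
        // fall back to the session token's own ValidFrom (which then resets on every reissue).
        DateTime firstAuthenticated = token.ValidFrom;
        Claim instant = token.ClaimsPrincipal.FindFirst(ClaimTypes.AuthenticationInstant);
        DateTime parsed;
        if (instant != null && DateTime.TryParse(instant.Value, CultureInfo.InvariantCulture,
                DateTimeStyles.AssumeUniversal | DateTimeStyles.AdjustToUniversal, out parsed))
        {
            firstAuthenticated = parsed;
        }
        var window = ComputeReissueWindow(token.ValidFrom, token.ValidTo, now, firstAuthenticated);
        if (window == null) return;
        e.SessionToken = sam.CreateSessionSecurityToken(
            token.ClaimsPrincipal, token.Context, window.Item1, window.Item2, token.IsPersistent);
        e.ReissueCookie = true;
    }
}
```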

Answer 1 (score: 0)

Try using the same KeyEffectiveTime

// sam is the SessionAuthenticationModule instance (the event sender)
e.SessionToken = sam.CreateSessionSecurityToken(
                     e.SessionToken.ClaimsPrincipal,
                     e.SessionToken.Context,
                     e.SessionToken.KeyEffectiveTime,
                     e.SessionToken.KeyExpirationTime.AddHours(8),
                     e.SessionToken.IsPersistent);