ADFS freshness and session sliding

Time: 2015-05-02 21:06:33

Tags: c# asp.net session wif adfs2.0

I have implemented session sliding in my customHttpHandler module.

I am trying to implement session sliding, as well as authentication across multiple websites that share the same ADFS server.

    public void SessionAuthenticationModuleSessionSecurityTokenReceived(object sender, SessionSecurityTokenReceivedEventArgs e)
    {
        SessionAuthenticationModule sam = sender as SessionAuthenticationModule;
        if (sam == null)
        {
            return;
        }

        SessionSecurityToken token = e.SessionToken;
        DateTime nowUtc = DateTime.UtcNow;
        DateTime validFrom = token.ValidFrom;
        DateTime validTo = token.ValidTo;
        double totalMinutes = (validTo - validFrom).TotalMinutes;
        double halfSpan = totalMinutes / 2;

        if (validTo < nowUtc)
        {
            // Session cookie has expired: drop it and do not authenticate this request.
            sam.DeleteSessionTokenCookie();
            e.Cancel = true;
        }
        else if ((nowUtc - validFrom).TotalMinutes >= halfSpan)
        {
            // More than half of the lifetime has elapsed: reissue a token for the same
            // principal with a fresh validity window of the same length (sliding expiration).
            SessionSecurityToken renewToken = sam.CreateSessionSecurityToken(
                token.ClaimsPrincipal,
                token.Context,
                nowUtc,
                nowUtc.AddMinutes(totalMinutes),
                true);
            e.SessionToken = renewToken;
            e.ReissueCookie = true;

            // db timestamp update
        }
    }

And SignedIn event

    public void WSFederationAuthenticationModuleSignedIn(object sender, EventArgs e)
    {
        // Read the session token back from the cookie the module has just written.
        SessionAuthenticationModule sam = FederatedAuthentication.SessionAuthenticationModule;
        SessionSecurityToken token;
        if (!sam.TryReadSessionTokenFromCookie(out token))
        {
            return;
        }

        if (token.ValidTo > DateTime.UtcNow)
        {
            // db insert for new login (assuming this will fire only once on actual login)

            // reissue token
            sam.WriteSessionTokenToCookie(token);
        }
    }

The session timeout is set in my relying party application's web.config:

    <securityTokenHandlers>
      <add type="Microsoft.IdentityModel.Tokens.SessionSecurityTokenHandler, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
        <sessionTokenRequirement lifetime="0:02" />
      </add>
    </securityTokenHandlers>

I do not want to change the token lifetime on ADFS, which is greater than 2 minutes.

But the issue is that after 2 minutes the timeout is not happening. It goes to the SignedIn event because, I assume, it reissues the token and then calls the session token received event, so this condition (if (validTo < nowUtc)) is never satisfied. How can I achieve the timeout here? Freshness="0" achieves it, but if I set Freshness="0" then I cannot get authenticated by other websites which are on the same ADFS server. I want to be authenticated on the other websites as well if I have logged in to one.

If I remove freshness="0" I can be authenticated without logging in on the second website, which is a different application.

Why is SignedIn getting called before session token received, and how can I achieve the timeout in the proper way and get authenticated on multiple websites?

Note: I have these events in my customHttpHandler module. There are other events as well, such as PostAuthenticateRequest.
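Added example, not the poster's code: once the local session cookie lapses, WIF redirects to ADFS, whose own single sign-on cookie is still valid, so ADFS silently issues a new token and SignedIn fires for a brand-new session; bounding the session by the time the user actually authenticated at ADFS, and sending wfresh=0 only when that bound is hit, forces a real login without setting freshness="0" globally. It assumes ADFS passes the authenticationinstant claim through to the relying party, a 30-minute absolute cap, and the WIF 3.5 (Microsoft.IdentityModel) API used in the question.

```csharp
using System;
using System.Globalization;
using System.Linq;
using System.Web;
using Microsoft.IdentityModel.Claims;
using Microsoft.IdentityModel.Protocols.WSFederation;
using Microsoft.IdentityModel.Tokens;
using Microsoft.IdentityModel.Web;

public static class SessionPolicy
{
    // Assumed policy value: how long one ADFS authentication may be reused before a real login is required.
    static readonly TimeSpan AbsoluteLifetime = TimeSpan.FromMinutes(30);

    // Wire to SessionAuthenticationModule.SessionSecurityTokenReceived in place of the handler in the question.
    public static void OnSessionTokenReceived(object sender, SessionSecurityTokenReceivedEventArgs e)
    {
        SessionAuthenticationModule sam = (SessionAuthenticationModule)sender;
        SessionSecurityToken token = e.SessionToken;
        DateTime nowUtc = DateTime.UtcNow;

        // When the user last typed credentials at ADFS (assumes ADFS passes the authenticationinstant
        // claim through to this relying party); a missing or unparseable claim is treated as expired.
        IClaimsIdentity id = token.ClaimsPrincipal.Identity as IClaimsIdentity;
        Claim authn = id == null ? null : id.Claims.FirstOrDefault(c => c.ClaimType == ClaimTypes.AuthenticationInstant);
        DateTime authnUtc;
        bool absoluteExpired = authn == null
            || !DateTime.TryParse(authn.Value, CultureInfo.InvariantCulture, DateTimeStyles.AdjustToUniversal, out authnUtc)
            || nowUtc - authnUtc > AbsoluteLifetime;

        if (absoluteExpired || token.ValidTo < nowUtc)
        {
            // Idle window or absolute cap exhausted: drop the local session and send the browser back to
            // ADFS with wfresh=0, so it must prompt for credentials instead of reusing its own SSO cookie.
            sam.DeleteSessionTokenCookie();
            e.Cancel = true;
            HttpContext ctx = HttpContext.Current;
            SignInRequestMessage req = FederatedAuthentication.WSFederationAuthenticationModule
                .CreateSignInRequest(Guid.NewGuid().ToString(), ctx.Request.RawUrl, false);
            req.Freshness = "0";
            ctx.Response.Redirect(req.WriteQueryString(), false);
            ctx.ApplicationInstance.CompleteRequest();
            return;
        }

        // Inside both windows: slide the idle window once more than half of it has elapsed.
        TimeSpan span = token.ValidTo - token.ValidFrom;
        if (nowUtc - token.ValidFrom >= TimeSpan.FromTicks(span.Ticks / 2))
        {
            e.SessionToken = sam.CreateSessionSecurityToken(
                token.ClaimsPrincipal, token.Context, nowUtc, nowUtc + span, token.IsPersistent);
            e.ReissueCookie = true;
        }
    }
}
```

Other relying parties on the same ADFS keep their silent sign-on, because wfresh=0 is only sent by the site whose cap has run out.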

0 answers:

No answers