Configuring session token lifetime in WIF with the session authentication...
For browser-based (passive) applications when federating, session token lifetime in WIF (by default) is controlled by one of two factors: 1) original token lifetime from the STS, or 2) the configured...
View ArticleSliding sessions in WIF with the session authentication module (SAM) and...
Session lifetime with WIF’s SAM (session authentication module), by default, is fixed, meaning that the session ends when the token lifetime ends. The logic to determine the session duration (and how...
View ArticleOverriding WS-Federation token lifetime in Thinktecture IdentityModel
As I described earlier, you can configure the default session token lifetime. One detail I didn’t mention was that with the technique I illustrated you can only make the session lifetime shorter than...
View ArticleConfiguring persistent session token cookies in WIF with Thinktecture...
WIF can be configured to issue persistent session cookies. This configuration can be performed in web.config: <system.identityModel.services> <federationConfiguration>...
View ArticleConfiguring machine key protection of session tokens in WIF and Thinktecture...
Session tokens in WIF, by default, are protected with DPAPI which auto-generates a key that is specific to the machine. This means, by default, that session tokens won’t work in a web farm. Session...
View ArticleSuppress login redirects for API clients in WIF with Thinktecture IdentityModel
The FAM (federated authentication module) can be configured to automatically redirect http requests to the STS for authentication when a user is unauthorized. This is a common setting and is configured...
View ArticleSuppressing session token validation exceptions in WIF and Thinktecture...
I’ve discussed in the past how to deal with session security token exceptions. Sometimes the token times out. Sometimes the token fails to validate. Sometimes the token’s not available in the server...
View ArticleServer-side session token caching in WIF and Thinktecture IdentityModel
Once a user has been authenticated session tokens are emitted by the SAM as cookies. These session cookies are fairly large (given that they contain claims) and so it is desirable to optimize them to a...
View ArticleDynamic issuer name registry direct from STS federation metadata with...
In order for a RP to trust a token issued by an STS it must be configured with the public key (or public key thumbprint) from the STS’ metadata. These keys expire and thus periodically the RP must be...
View ArticleAnnouncing Thinktecture EmbeddedSts — a simple, local STS for ASP.NET...
With Visual Studio 2013, Microsoft has provided a new “Change Authentication” wizard that is part of all ASP.NET projects. This includes an option for “Organizational Accounts”, which in essence means...
View Article
