[英]How can I make a security token automatically expire in a passive STS setup?
I have a passive STS set up for a new application I'm working on. 我正在为我正在开发的新应用程序设置一个被动STS。
I've noticed that when a user's session expires, the user is still authenticated. 我注意到,当用户的会话到期时,用户仍然经过身份验证。 I would have thought that when the session expires, the user would no longer be authenticated. 我原以为会话到期时,用户将不再进行身份验证。 My boss discussed this with me as I am currently charged with setting up the authentication. 我老板和我讨论过这个问题,因为我目前负责设置身份验证。 He says that it would be good if we could make the user's log on expire after a certain period of inactivity similar to how the session expires. 他说,如果我们能够让用户的登录在一段时间不活动后到期,那将是一件好事。
I am familiar with how to sign a user out with a few lines of code. 我熟悉如何使用几行代码签署用户。 How can I make it so that the user is automatically signed out after a specified period of inactivity? 如何使用户在指定的不活动时间后自动退出?
Currently, I have some code in the global.asax
file that programmatically checks when the last request was and compares it to the current time; 目前,我在global.asax
文件中有一些代码,它以编程方式检查上次请求的时间并将其与当前时间进行比较; it then signs the user out if a certain period of time has expired. 然后,如果某段时间过期,它会将用户签出。
Peter Kron has proposed an answer in your MSDN thread: Peter Kron在您的MSDN主题中提出了一个答案:
Handle the SessionSecurityTokenCreated event raised by WSFederationAuthenticationModule. 处理由WSFederationAuthenticationModule引发的SessionSecurityTokenCreated事件。 In that you can create a new SessionSecurityToken from the proposed token, and set the lifetime as you please. 您可以根据建议的令牌创建一个新的SessionSecurityToken,并根据需要设置生命周期。
http://social.msdn.microsoft.com/Forums/en-US/Geneva/thread/6b6d51ea-9c15-4744-800b-dd1379b495c3 http://social.msdn.microsoft.com/Forums/en-US/Geneva/thread/6b6d51ea-9c15-4744-800b-dd1379b495c3
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.