How can I make a security token automatically expire in a passive STS setup?
Question
I have a passive STS set up for a new application I'm working on.
I've noticed that when a user's session expires, the user is still authenticated. I would have thought that when the session expires, the user would no longer be authenticated. My boss discussed this with me as I am currently charged with setting up the authentication. He says that it would be good if we could make the user's log on expire after a certain period of inactivity similar to how the session expires.
I am familiar with how to sign a user out with a few lines of code. How can I make it so that the user is automatically signed out after a specified period of inactivity?
Currently, I have some code in the global.asax file that programmatically checks when the last request was and compares it to the current time; it then signs the user out if a certain period of time has expired.
1 answers
solution1
3 ACCPTED 2010-06-15 00:05:34
Peter Kron has proposed an answer in your MSDN thread:
Handle the SessionSecurityTokenCreated event raised by WSFederationAuthenticationModule. In that you can create a new SessionSecurityToken from the proposed token, and set the lifetime as you please.
http://social.msdn.microsoft.com/Forums/en-US/Geneva/thread/6b6d51ea-9c15-4744-800b-dd1379b495c3
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.