W.I.F.: Setting IsSessionMode to true, can't seem to make it happen

后端 未结 4 2675
野的像风
野的像风 2021-02-20 13:55

We are having problems with Safari(and Opera) and from what I have read the FedAuth cookies are just too big.

There is an \"neat trick\" to fix this: \"WIF RTM added a p

相关标签:
4条回答
  • 2021-02-20 14:22

    Have you registered your event handler for the SessionSecurityTokenCreated event?

    FederatedAuthentication.WSFederationAuthenticationModule.SessionSecurityTokenCreated 
        += this.WSFederationAuthenticationModule_SessionSecurityTokenCreated;
    

    This line needs to be added to the Application_Start medthod in your Global.asax file.

    The FederatedAuthentication class in in the namespace Microsoft.IdentityModel.Web.

    0 讨论(0)
  • 2021-02-20 14:23

    Hi try this: instead of the SessionSecurityTokenCreated event use the SecurityTokenValidated

    In the global.ascx

    void WSFederationAuthenticationModule_SecurityTokenValidated(object sender, SecurityTokenValidatedEventArgs e) 
    {   
        FederatedAuthentication.SessionAuthenticationModule.IsSessionMode = true; 
    }
    

    Check the comment from Dominick Baier blog

    0 讨论(0)
  • 2021-02-20 14:28

    One important thing to note is how to handle SecurityTokenValidated and SessionSecurityTokenCreated events of WSFederationAuthenticationModule class.

    Alternative 1 — auto event wire up in global.asax (explicit method names without manual wiring to events):

    void WSFederationAuthenticationModule_SecurityTokenValidated(object sender, SecurityTokenValidatedEventArgs e)
    {
        FederatedAuthentication.SessionAuthenticationModule.IsReferenceMode = true;
    }
    
    // or
    
    void WSFederationAuthenticationModule_SessionSecurityTokenCreated(object sender, SessionSecurityTokenCreatedEventArgs e)
    {
        e.SessionToken.IsReferenceMode = true;
    }
    

    Alternative 2 — manual method wiring to events in global.asax. The point is that it must not be in Application_Start but in overriden Init:

    void Application_Start(object sender, EventArgs e)
    {
        // Called only once on application start
        // This is not the right place to wire events for all HttpApplication instances
    }
    
    public override void Init()
    {
        // Called for each HttpApplication instance
        FederatedAuthentication.WSFederationAuthenticationModule.SecurityTokenValidated += STV;
        FederatedAuthentication.WSFederationAuthenticationModule.SessionSecurityTokenCreated += SSTC;
    }
    
    void STV(object sender, SecurityTokenValidatedEventArgs e)
    {
        FederatedAuthentication.SessionAuthenticationModule.IsReferenceMode = true;
    }
    
    // or
    
    void SSTC(object sender, SessionSecurityTokenCreatedEventArgs e)
    {
        e.SessionToken.IsReferenceMode = true;
    }
    
    0 讨论(0)
  • 2021-02-20 14:36

    Old thread, but I believe SessionSecurityTokenCreated is the proper event to handle this--tested it and it works under "old WIF" and NET 4.5 with the appropriate namespace variations.

    void WSFederationAuthenticationModule_SessionSecurityTokenCreated(object sender, System.IdentityModel.Services.SessionSecurityTokenCreatedEventArgs e)
    {
        e.SessionToken.IsReferenceMode = true;
    }
    
    0 讨论(0)
提交回复
热议问题