Skip to content

Configuring persistent session token cookies in WIF with Thinktecture IdentityModel

February 17, 2013

WIF can be configured to issue persistent session cookies. This configuration can be performed in web.config:

<system.identityModel.services>
  <federationConfiguration>
    <wsFederation requireHttps="true"
                  passiveRedirectEnabled="true"
                  realm="http://localhost/rp"
                  issuer="https://localhost/sts/issue/wsfed"
                  persistentCookiesOnPassiveRedirects="true" />
  </federationConfiguration>
</system.identityModel.services>

The persistentCookiesOnPassiveRedirects attribute on the <wsFederation> element configures the session cookie issued by the SAM to be persistent for the lifetime of the token and so it is common to set both. A ConfigurePersistentSessions API was added to Thinktecture IdentityModel to make this configuration from code. It is a one-time configuration that is performed in Application_Start in global.asax:

protected void Application_Start()
{
    PassiveSessionConfiguration.ConfigurePersistentSessions(TimeSpan.FromDays(30));
}

This sets the persistent flag as well as the session token duration on the session security token.

from → IdentityModel, WIF / Claims
No comments yet

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Cancel

Connecting to %s

%d bloggers like this: