Configuring persistent session token cookies in WIF with Thinktecture IdentityModel

February 17, 2013

WIF can be configured to issue persistent session cookies. This configuration can be performed in web.config:

<system.identityModel.services>
  <federationConfiguration>
    <wsFederation requireHttps="true"
                  passiveRedirectEnabled="true"
                  realm="http://localhost/rp"
                  issuer="https://localhost/sts/issue/wsfed"
                  persistentCookiesOnPassiveRedirects="true" />
  </federationConfiguration>
</system.identityModel.services>

The persistentCookiesOnPassiveRedirects attribute on the <wsFederation> element makes the session cookie issued by the SAM (SessionAuthenticationModule) persistent. The cookie persists only for the lifetime of the token, so it is common to set both the persistent flag and the token lifetime. A ConfigurePersistentSessions API was added to Thinktecture IdentityModel to perform this configuration from code. It is a one-time configuration performed in Application_Start in global.asax:

protected void Application_Start()
{
    PassiveSessionConfiguration.ConfigurePersistentSessions(TimeSpan.FromDays(30));
}

This sets the persistent flag as well as the session token duration on the session security token.
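
The same two settings can be applied with WIF's own types by replacing the session token when it is created. This is an added example, not code from the original post and not Thinktecture IdentityModel's implementation; the Global class and PersistentLifetime names are hypothetical, and the handler name assumes the module is registered in web.config as WSFederationAuthenticationModule.

```csharp
using System;
using System.IdentityModel.Services;
using System.IdentityModel.Tokens;
using System.Web;

public class Global : HttpApplication
{
    // Hypothetical constant for this example; 30 days matches the call above.
    private static readonly TimeSpan PersistentLifetime = TimeSpan.FromDays(30);

    // ASP.NET wires global.asax handlers by name (ModuleName_EventName).
    // Assumption: the module name in web.config is "WSFederationAuthenticationModule".
    void WSFederationAuthenticationModule_SessionSecurityTokenCreated(
        object sender, SessionSecurityTokenCreatedEventArgs e)
    {
        DateTime now = DateTime.UtcNow;

        // Rebuild the session token for the same principal with an explicit
        // validity window, so the cookie lifetime no longer follows the
        // lifetime of the token issued by the STS.
        var token = new SessionSecurityToken(
            e.SessionToken.ClaimsPrincipal,
            e.SessionToken.Context,
            now,
            now.Add(PersistentLifetime))
        {
            // Persistent flag: the SAM writes a cookie that is stored on the
            // user's machine instead of a browser-session cookie.
            IsPersistent = true,
            // Keep the cookie mode (by value or by reference) the original token had.
            IsReferenceMode = e.SessionToken.IsReferenceMode
        };

        // Hand the replacement to WIF and have the SAM write it as the session cookie.
        e.SessionToken = token;
        e.WriteSessionCookie = true;
    }
}
```

The validity window is carried inside the protected session token, so the server stops accepting the cookie after PersistentLifetime even if the browser still presents it.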

2 Comments
  1. RonyK
    June 4, 2013 1:11 am

    Hi, Could you explain what would be the effect of issuing persistent session cookies?

    • June 5, 2013 9:42 am

      It would simply mean that the cookie is stored on the user’s machine and that they won’t need to re-authenticate via the STS while that cookie is still valid. The use case here is that normally an STS issues a cookie for 10 hours. With this (and the override WSFed token lifetime feature) you could keep the user logged into your app for a day or a week instead.
