
Suppressing session token validation exceptions in WIF and Thinktecture IdentityModel

February 20, 2013

I’ve discussed in the past how to deal with session security token exceptions. Sometimes the token times out. Sometimes the token fails to validate. Sometimes the token’s not available in the server side cache. When these problems occur, there’s not much the application can do except treat the user as unauthenticated. So, the same technique used to suppress the yellow screen of death I illustrated in my past discussion has been added as a helper API in Thinktecture IdentityModel. To enable this feature, invoke SuppressSecurityTokenExceptions from Init in global.asax:

public override void Init()
{
    PassiveModuleConfiguration.SuppressSecurityTokenExceptions();
}

This API supports two optional parameters: one for the relative path to redirect the user to when the token validation fails, and another which is an Action<SecurityTokenException> callback to log the exception. For example:

public override void Init()
{
    PassiveModuleConfiguration.SuppressSecurityTokenExceptions(
        "~/Account/NotLoggedIn",
        ex => {
            // Verbatim string (@) so the backslashes in the path are not treated as escapes
            File.AppendAllText(@"c:\logs\error.txt", ex.ToString());
        });
}

Note that File.AppendAllText is not thread-safe, but it illustrates the callback feature :)
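A logging callback that is safe to call from concurrent requests, as an added example that is not part of the original post or of Thinktecture IdentityModel. The TokenErrorLog class is hypothetical, and the namespace used for PassiveModuleConfiguration is an assumption.

```csharp
using System;
using System.IdentityModel.Tokens;      // SecurityTokenException
using System.IO;
using System.Web;
using Thinktecture.IdentityModel.Web;   // assumed namespace of PassiveModuleConfiguration

// Hypothetical helper: serializes appends so concurrent requests cannot collide.
public static class TokenErrorLog
{
    // Static, so the lock is shared by every HttpApplication instance in the AppDomain.
    private static readonly object Gate = new object();
    private const string LogPath = @"c:\logs\error.txt"; // path used in the post

    public static void Write(SecurityTokenException ex)
    {
        // One line per event; strip CR/LF so message text cannot forge extra entries.
        string message = (ex.Message ?? string.Empty).Replace("\r", " ").Replace("\n", " ");
        string line = string.Format("{0:o} {1}: {2}{3}",
            DateTime.UtcNow, ex.GetType().FullName, message, Environment.NewLine);
        try
        {
            lock (Gate) // only one thread appends at a time
            {
                File.AppendAllText(LogPath, line);
            }
        }
        // A logging failure must not turn the suppressed error back into an unhandled one.
        catch (IOException) { }
        catch (UnauthorizedAccessException) { }
    }
}

public class Global : HttpApplication
{
    public override void Init()
    {
        // The method group converts to the Action<SecurityTokenException> parameter.
        PassiveModuleConfiguration.SuppressSecurityTokenExceptions(
            "~/Account/NotLoggedIn", TokenErrorLog.Write);
    }
}
```

The lock only coordinates threads inside one worker process; with several worker processes writing to the same file, use a logging framework or a per-process file name instead.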

HTH
