Skip to content

Suppressing session token validation exceptions in WIF and Thinktecture IdentityModel

February 20, 2013

I’ve discussed in the past how to deal with session security token exceptions. Sometimes the token times out. Sometimes the token fails to validate. Sometimes the token’s not available in the server side cache. When these problems occur, there’s not much the application can do except treat the user as unauthenticated. So, the same technique used to suppress the yellow screen of death I illustrated in my past discussion has been added as a helper API in Thinktecture IdentityModel. To enable this feature, invoke SuppressSecurityTokenExceptions from Init in global.asax:

public override void Init()
{
    PassiveModuleConfiguration.SuppressSecurityTokenExceptions();
}

This API support two optional parameters — one for the relative path to redirect the user to when the token validation fails and another which is an Action<SecurityTokenException> callback to log the exception. For example:

public override void Init()
{
    PassiveModuleConfiguration.SuppressSecurityTokenExceptions(
        "~/Account/NotLoggedIn", 
        ex => { 
            File.AppendAllText("c:\logs\error.txt", ex.ToString(); 
        });
}

Note that File.AppendAllText is not thread-safe, but it illustrates the callback feature :)

HTH

No comments yet

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: