Configuration for WIF session helper APIs in Thinktecture IdentityModel
May 28, 2013
I just added a custom configuration section in Thinktecture IdentityModel that will automatically drive the various SAM and FAM helper functions I added a while ago. The configuration looks something like this:
<configuration>
  <configSections>
    <section name="securitySessionConfiguration"
             type="Thinktecture.IdentityModel.Web.Configuration.SecuritySessionSection, Thinktecture.IdentityModel"/>
  </configSections>
  <securitySessionConfiguration
      sessionTokenCacheType="WebRP.EF.EFTokenCacheRepository, WebRP"
      useMackineKeyProtectionForSessionTokens="true"
      defaultSessionDuration="01:00:00"
      persistentSessionDuration="01:00:00:00"
      cacheSessionsOnServer="true"
      enableSlidingSessionExpirations="true"
      overrideWSFedTokenLifetime="true"
      suppressLoginRedirectsForApiCalls="true"
      suppressSecurityTokenExceptions="true" />
</configuration>
With this in place you no longer need to explicitly invoke the various PassiveSessionConfiguration or PassiveModuleConfiguration APIs from global.asax. Also, each of these attributes is optional so you only need to specify the ones you care about.
HTH
6 Comments
Reblogged this on http://www.leastprivilege.com.
I’ve just tried to download the Thinktecture.IdentityModel.45-master in order to run the Web API Security WebHost. Unfortunately it’s broken as there is no securitySessionConfiguration in the config file and adding the configuration above doesn’t work either as the referencedTokenCacheType is not part of the project. I’ve had to disable the PreApplicationStartMethod to get the sample running.
Yep — my mistake. I’ve just fixed it and pushed code and NuGet to solve it.
The token cache type is not part of the library — you’re expected to write your own so the name in the blog post was just an example. Here’s a concrete example: https://brockallen.com/2013/02/21/server-side-session-token-caching-in-wif-and-thinktecture-identitymodel/
Sorry for the trouble and thanks for the post.
Does the persistentSessionDuration configuration have to come along with persistentCookiesOnPassiveRedirects="true", or does it replace it?
ConfigurePersistentSessions sets the persistentCookiesOnPassiveRedirects flag.