Setting up sliding sessions in Windows Identity Foundation(WIF)

By default a WIF security token is only valid for a certain time. However this token does not work with a sliding expiration out-of-the-box. This means that, no matter if the users is actively using the application or not, once the time interval has expired, the token is invalidated and the user has to login again.
Although this seems logical from a security standpoint, it’s not very user friendly. Users expect that as long as they are using the application, their authentication session remains valid.

So how can we achieve sliding expiration in WIF?

Create a new class that inherits from SessionAuthenticationModule:

public class SlidingAuthenticationModule : SessionAuthenticationModule
{
   
}

   public SlidingAuthenticationModule
   {
      this.SessionSecurityTokenReceived += SessionSecurityTokenReceived; 
   }

   void SessionSecurityTokenReceived(object sender, SessionSecurityTokenReceivedEventArgs e)
   {
      
   }

Add code to the event handler to implement the sliding expiration:

void SessionSecurityTokenReceived(object sender, SessionSecurityTokenReceivedEventArgs e)
{ 
 var sessionToken = e.SessionToken;
    SymmetricSecurityKey symmetricSecurityKey = null;

    if (sessionToken.SecurityKeys != null)
     symmetricSecurityKey = sessionToken.SecurityKeys.OfType<SymmetricSecurityKey>().FirstOrDefault();

 if (sessionToken.ValidTo > DateTime.UtcNow)
    {
  var slidingExpiration = sessionToken.ValidTo - sessionToken.ValidFrom;

  e.SessionToken = new SessionSecurityToken(
                    sessionToken.ClaimsPrincipal,
                    sessionToken.ContextId,
                    sessionToken.Context,
                    sessionToken.EndpointId,
                    slidingExpiration,
                    symmetricSecurityKey);

     e.ReissueCookie = true;
    }
    else
    {
        var sessionAuthenticationModule = (SessionAuthenticationModule) sender;
        sessionAuthenticationModule.DeleteSessionTokenCookie();
     e.Cancel = true;
 }
}

Inside your web.config, replace the default SessionAuthentication module with the new module you’ve created:

<modules>
   <add name="SessionAuthenticationModule" type="SlidingAuthenticationModule" preCondition="managedHandler"/>
</modules>

Kubernetes–Limit your environmental impact

Reducing the carbon footprint and CO2 emission of our (cloud) workloads, is a responsibility of all of us. If you are running a Kubernetes cluster, have a look at Kube-Green . kube-green is a simple Kubernetes operator that automatically shuts down (some of) your pods when you don't need them. A single pod produces about 11 Kg CO2eq per year( here the calculation). Reason enough to give it a try! Installing kube-green in your cluster The easiest way to install the operator in your cluster is through kubectl. We first need to install a cert-manager: kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.14.5/cert-manager.yaml Remark: Wait a minute before you continue as it can take some time before the cert-manager is up & running inside your cluster. Now we can install the kube-green operator: kubectl apply -f https://github.com/kube-green/kube-green/releases/latest/download/kube-green.yaml Now in the namespace where we want t

The art of simplicity

Search This Blog