WIF：将 IsSessionMode 设置为 true，似乎无法实现

发布于 2024-12-11 08:53:32 字数 1453 浏览 0 评论 0原文

我们在使用 Safari（和 Opera）时遇到了问题，据我所知，FedAuth cookie 太大了。

有一个“巧妙的技巧”可以解决这个问题： “WIF RTM 向 SessionAuthenticationModule 添加了一个属性 IsSessionMode。当翻转为 true 时，IsSessionMode 的作用是确保 SessionSecurityToken 在整个会话期间保留在缓存中，并生成一个仅包含会话标识符而不是会话标识符的 cookie。会议本身的内容。”

我在 global.asax 中有这段代码：

void WSFederationAuthenticationModule_SessionSecurityTokenCreated(object sender, Microsoft.IdentityModel.Web.SessionSecurityTokenCreatedEventArgs e)
{
    FederatedAuthentication.SessionAuthenticationModule.IsSessionMode = true;
}

问题，“FederatedAuthentication.SessionAuthenticationModule.IsSessionMode = true”永远不会运行......为什么？

将 IsSessionMode 设置为 true 与“PassiveSignInControl”有关吗？

MSDN 帖子

your-fedauth-cookies-on-a-diet-issessionmode-true.aspx

摘自《Windows® Identity Foundation 编程》一书：

“SAM 的一个有趣的属性是 IsSessionMode。当设置为 true，IsSessionMode 具有存储大部分会话的效果在服务器端令牌缓存上，而不是将所有内容写入曲奇饼。 cookie 本身只包含一个小的上下文标识符，它将用于检索会话服务器。不幸的是，在这个版本的92 Part II Windows中 Identity Foundation for Identity Developers 产品没有办法从配置文件设置 IsSessionMode。您可以通过设置它 PassiveSignInControl 的属性，或在 global.asax 文件中作为如下（与上面相同的代码）”

原文

We are having problems with Safari(and Opera) and from what I have read the FedAuth cookies are just too big.

There is an "neat trick" to fix this:
"WIF RTM added a property to the SessionAuthenticationModule, IsSessionMode. When flipped to true, IsSessionMode has the effect of ensuring that the SessionSecurityToken remains in the cache for the whole duration of the session and generating a cookie which contains just a session identifier rather than the content of the session itself."

I have this code in global.asax:

void WSFederationAuthenticationModule_SessionSecurityTokenCreated(object sender, Microsoft.IdentityModel.Web.SessionSecurityTokenCreatedEventArgs e)
{
    FederatedAuthentication.SessionAuthenticationModule.IsSessionMode = true;
}

The Problem , "FederatedAuthentication.SessionAuthenticationModule.IsSessionMode = true" never runs ... why?

Is it related to the "PassiveSignInControl" to set IsSessionMode to true?

MSDN Post

your-fedauth-cookies-on-a-diet-issessionmode-true.aspx

From the book "Programming Windows® Identity Foundation":

"An interesting property of the SAM is IsSessionMode. When set to
true, IsSessionMode has the effect of storing the bulk of the session
on a server-side token cache instead of writing everything in the
cookie. The cookie itself will just contain a small context
identifier, which will be used for retrieving the session on the
server. Unfortunately, in this version of the92 Part II Windows
Identity Foundation for Identity Developers product there is no way to
set IsSessionMode from the configuration file. You can set it via a
property of the PassiveSignInControl, or in the global.asax file as
follows(same code as above)"

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

醉态萌生 2024-12-18 08:53:32

旧线程，但我相信 SessionSecurityTokenCreated 是处理此问题的正确事件 - 对其进行了测试，它可以在“旧 WIF”和 NET 4.5 下使用适当的命名空间变体工作。

void WSFederationAuthenticationModule_SessionSecurityTokenCreated(object sender, System.IdentityModel.Services.SessionSecurityTokenCreatedEventArgs e)
{
    e.SessionToken.IsReferenceMode = true;
}

Old thread, but I believe SessionSecurityTokenCreated is the proper event to handle this--tested it and it works under "old WIF" and NET 4.5 with the appropriate namespace variations.

void WSFederationAuthenticationModule_SessionSecurityTokenCreated(object sender, System.IdentityModel.Services.SessionSecurityTokenCreatedEventArgs e)
{
    e.SessionToken.IsReferenceMode = true;
}

回复收藏 0 原文

猫性小仙女 2024-12-18 08:53:32

您是否为 SessionSecurityTokenCreated 事件注册了事件处理程序？

FederatedAuthentication.WSFederationAuthenticationModule.SessionSecurityTokenCreated 
    += this.WSFederationAuthenticationModule_SessionSecurityTokenCreated;

需要将此行添加到 Global.asax 文件中的 Application_Start 方法中。

命名空间 Microsoft.IdentityModel.Web 中的 FederatedAuthentication 类。

Have you registered your event handler for the SessionSecurityTokenCreated event?

FederatedAuthentication.WSFederationAuthenticationModule.SessionSecurityTokenCreated 
    += this.WSFederationAuthenticationModule_SessionSecurityTokenCreated;

This line needs to be added to the Application_Start medthod in your Global.asax file.

The FederatedAuthentication class in in the namespace Microsoft.IdentityModel.Web.

回复收藏 0 原文

a√萤火虫的光℡ 2024-12-18 08:53:32

SecurityTokenValidated

您好，尝试一下：不要使用 SessionSecurityTokenCreated 事件，而是使用global.ascx 中的

void WSFederationAuthenticationModule_SecurityTokenValidated(object sender, SecurityTokenValidatedEventArgs e) 
{   
    FederatedAuthentication.SessionAuthenticationModule.IsSessionMode = true; 
}

检查 Dominick Baier 的评论博客

Hi try this: instead of the SessionSecurityTokenCreated event use the SecurityTokenValidated

In the global.ascx

void WSFederationAuthenticationModule_SecurityTokenValidated(object sender, SecurityTokenValidatedEventArgs e) 
{   
    FederatedAuthentication.SessionAuthenticationModule.IsSessionMode = true; 
}

Check the comment from Dominick Baier blog

回复收藏 0 原文

愛上了 2024-12-18 08:53:32

需要注意的一件重要事情是如何处理 WSFederationAuthenticationModule 类的 SecurityTokenValidated 和 SessionSecurityTokenCreated 事件。

替代方案 1 — 在 global.asax 中自动连接事件（显式方法名称，无需手动连接到事件）：

void WSFederationAuthenticationModule_SecurityTokenValidated(object sender, SecurityTokenValidatedEventArgs e)
{
    FederatedAuthentication.SessionAuthenticationModule.IsReferenceMode = true;
}

// or

void WSFederationAuthenticationModule_SessionSecurityTokenCreated(object sender, SessionSecurityTokenCreatedEventArgs e)
{
    e.SessionToken.IsReferenceMode = true;
}

替代方案 2 — 在 global.asax 中手动连接事件方法。关键是它不能位于 Application_Start 中，而是位于重写的 Init 中：

void Application_Start(object sender, EventArgs e)
{
    // Called only once on application start
    // This is not the right place to wire events for all HttpApplication instances
}

public override void Init()
{
    // Called for each HttpApplication instance
    FederatedAuthentication.WSFederationAuthenticationModule.SecurityTokenValidated += STV;
    FederatedAuthentication.WSFederationAuthenticationModule.SessionSecurityTokenCreated += SSTC;
}

void STV(object sender, SecurityTokenValidatedEventArgs e)
{
    FederatedAuthentication.SessionAuthenticationModule.IsReferenceMode = true;
}

// or

void SSTC(object sender, SessionSecurityTokenCreatedEventArgs e)
{
    e.SessionToken.IsReferenceMode = true;
}

One important thing to note is how to handle SecurityTokenValidated and SessionSecurityTokenCreated events of WSFederationAuthenticationModule class.

Alternative 1 — auto event wire up in global.asax (explicit method names without manual wiring to events):

void WSFederationAuthenticationModule_SecurityTokenValidated(object sender, SecurityTokenValidatedEventArgs e)
{
    FederatedAuthentication.SessionAuthenticationModule.IsReferenceMode = true;
}

// or

void WSFederationAuthenticationModule_SessionSecurityTokenCreated(object sender, SessionSecurityTokenCreatedEventArgs e)
{
    e.SessionToken.IsReferenceMode = true;
}

Alternative 2 — manual method wiring to events in global.asax. The point is that it must not be in Application_Start but in overriden Init:

void Application_Start(object sender, EventArgs e)
{
    // Called only once on application start
    // This is not the right place to wire events for all HttpApplication instances
}

public override void Init()
{
    // Called for each HttpApplication instance
    FederatedAuthentication.WSFederationAuthenticationModule.SecurityTokenValidated += STV;
    FederatedAuthentication.WSFederationAuthenticationModule.SessionSecurityTokenCreated += SSTC;
}

void STV(object sender, SecurityTokenValidatedEventArgs e)
{
    FederatedAuthentication.SessionAuthenticationModule.IsReferenceMode = true;
}

// or

void SSTC(object sender, SessionSecurityTokenCreatedEventArgs e)
{
    e.SessionToken.IsReferenceMode = true;
}

回复收藏 0 原文

~没有更多了~