如何处理 Global.asax 中的 SessionSecurityTokenReceived 事件?
我正在尝试在 WIF 中设置滑动会话,并且需要处理 SessionSecurityTokenReceived。
我确信我在这里做了一些愚蠢的事情...但是 VS2010 不断告诉我在下面所示的位置没有适用的变量或成员
。有人能指出我正确的方向吗?我已经到处搜索了如何定义此事件的处理的实际示例,但我找不到一个。
Global.asax
protected void Application_Start()
{
FederatedAuthentication.WSFederationAuthenticationModule.SecurityTokenReceived
+= SessionAuthenticationModule_SessionSecurityTokenReceived;
// ^^^ There is no applicable variable or member
}
void SessionAuthenticationModule_SessionSecurityTokenReceived(object sender, SessionSecurityTokenReceivedEventArgs e)
{
DateTime now = DateTime.UtcNow;
DateTime validFrom = e.SessionToken.ValidFrom;
DateTime validTo = e.SessionToken.ValidTo;
if ((now < validTo) &&
(now > validFrom.AddMinutes((validTo.Minute - validFrom.Minute) / 2))
)
{
SessionAuthenticationModule sam = sender as SessionAuthenticationModule;
e.SessionToken = sam.CreateSessionSecurityToken(
e.SessionToken.ClaimsPrincipal,
e.SessionToken.Context,
now,
now.AddMinutes(2),
e.SessionToken.IsPersistent);
e.ReissueCookie = true;
}
else
{
//todo: WSFederationHelper.Instance.PassiveSignOutWhenExpired(e.SessionToken, this.Request.Url);
// this code from: http://stackoverflow.com/questions/5821351/how-to-set-sliding-expiration-in-my-mvc-app-that-uses-sts-wif-for-authenticati
var sessionAuthenticationModule = (SessionAuthenticationModule)sender;
sessionAuthenticationModule.DeleteSessionTokenCookie();
e.Cancel = true;
}
}
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
我认为您不需要订阅活动。删除启动时的订阅,只需使用
SessionAuthenticationModule_SessionSecurityTokenReceived
ASP.Net 就会为您连接。 (该模块必须命名为“SessionAuthenticationModule”,默认情况下)。
如果您正在处理滑动会话,Vittorio 的这篇博客文章非常好:http://blogs.msdn.com/b/vbertocci/archive/2010/06/16/warning-sliding-sessions-are-closer-than-they-appear.aspx
I don't think you need the event subscription. Remove the subcription on start and just use
SessionAuthenticationModule_SessionSecurityTokenReceived
ASP.Net will wire that for you. (The module has to be named "SessionAuthenticationModule" and it is by default).
If you are working on sliding sessions, this blog post by Vittorio is pretty good: http://blogs.msdn.com/b/vbertocci/archive/2010/06/16/warning-sliding-sessions-are-closer-than-they-appear.aspx
不要在 Global.asax 中定义它,而是创建一个继承 SessionAuthenticationModule 的新类:
然后在 web.config 中,用新模块替换默认的 SessionAuthentication 模块:
Instead of defining it in Global.asax, create a new class that inherits SessionAuthenticationModule:
Then in your web.config, substitute the default SessionAuthentication module with your new module: