Sliding session authentication module for WIF

There’s a few examples of this around…  The example in the WIF book doesn’t take into consideration the clock skew.

Here’s one that does:

public class SlidingSessionAuthenticationModule : SessionAuthenticationModule
{
	protected override void OnSessionSecurityTokenReceived(SessionSecurityTokenReceivedEventArgs args)
	{
		var sessionSecurityToken = args.SessionToken;
		var now = DateTime.Now;
		var validTo = sessionSecurityToken.ValidTo.Add(ServiceConfiguration.MaxClockSkew);

		if (now < validTo)
		{
			var timeout = sessionSecurityToken.ValidTo - sessionSecurityToken.ValidFrom;
			var window = TimeSpan.FromSeconds(timeout.TotalSeconds / 2);

			var renewalTime = sessionSecurityToken.ValidTo.Subtract(window);
			if (now > renewalTime)
			{
				args.SessionToken = CreateSessionSecurityToken(
					sessionSecurityToken.ClaimsPrincipal, 
					sessionSecurityToken.Context, 
					now, 
					now.Add(timeout),
					sessionSecurityToken.IsPersistent);

				args.ReissueCookie = true;
			}
		}

		base.OnSessionSecurityTokenReceived(args);
	}
}
Advertisements

About Tom Peplow

C# .Net developer based in London and the South Coast
This entry was posted in Uncategorized and tagged . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s