Sliding session authentication module for WIF

There’s a few examples of this around…  The example in the WIF book doesn’t take into consideration the clock skew.

Here’s one that does:

public class SlidingSessionAuthenticationModule : SessionAuthenticationModule
	protected override void OnSessionSecurityTokenReceived(SessionSecurityTokenReceivedEventArgs args)
		var sessionSecurityToken = args.SessionToken;
		var now = DateTime.Now;
		var validTo = sessionSecurityToken.ValidTo.Add(ServiceConfiguration.MaxClockSkew);

		if (now < validTo)
			var timeout = sessionSecurityToken.ValidTo - sessionSecurityToken.ValidFrom;
			var window = TimeSpan.FromSeconds(timeout.TotalSeconds / 2);

			var renewalTime = sessionSecurityToken.ValidTo.Subtract(window);
			if (now > renewalTime)
				args.SessionToken = CreateSessionSecurityToken(

				args.ReissueCookie = true;


About Tom Peplow

C# .Net developer based in London and the South Coast
This entry was posted in Uncategorized and tagged . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s