SessionSecurityToken Class

Definition

Defines a security token that contains data associated with a session.

[System.Serializable]
public class SessionSecurityToken : System.IdentityModel.Tokens.SecurityToken, System.Runtime.Serialization.ISerializable

Inheritance
Object → SecurityToken → SessionSecurityToken
Attributes
SerializableAttribute
Implements
ISerializable

Remarks

A session token stores the ClaimsPrincipal of the user associated with a session, as well as other parameters that define the session, such as the session start and end times.

In passive scenarios, the WSFederationAuthenticationModule calls into the SessionAuthenticationModule (SAM) from the authentication pipeline to create a session token from the ClaimsPrincipal that represents the authenticated user. The SAM uses its configured SessionSecurityTokenHandler to create the token and to serialize it into a cookie (and to deserialize the token from a cookie on subsequent requests). The SAM uses an instance of its configured CookieHandler class to write the cookie back to the HTTP Response. This cookie is then returned to the client and on subsequent requests the client can present the cookie rather than making a round trip back to the identity provider to re-obtain a security token. For more information about how sessions operate with WIF, see WIF Session Management. For information about using sessions in Web farm scenarios, see WIF and Web Farms.

A session token either operates in reference mode or it does not. If the session token is not operating in reference mode, the entire token is serialized into the session cookie that is stored on the client. The serialized session token can be quite large, so the cookie stored on the client can also be quite large. In reference mode, rather than serializing the entire session token into the cookie, the token is stored in a session security token cache, and only the information used to generate the key necessary to retrieve the token from the cache is stored in the cookie. This can greatly reduce the size of the cookie. The session token cache is implemented by a class derived from SessionSecurityTokenCache, and the cache key is implemented by the SessionSecurityTokenCacheKey class. The ContextId and KeyGeneration properties are used in the SessionSecurityTokenCacheKey class to generate the cache key.

The IsReferenceMode property determines whether the session token is in reference mode or not.

Important

To operate in reference mode, Microsoft recommends providing a handler for the WSFederationAuthenticationModule.SessionSecurityTokenCreated event in the global.asax.cs file and setting the IsReferenceMode property on the token passed in the SessionSecurityTokenCreatedEventArgs.SessionToken property. This ensures that the session token operates in reference mode for every request, and it is preferred over merely setting the SessionAuthenticationModule.IsReferenceMode property on the Session Authentication Module.
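The handler recommended above could look like the following. This is an added example, not Microsoft's sample code. The namespace, the class name, the audit trace line, and the assumption that the module is registered in web.config under the name WSFederationAuthenticationModule are illustrative.

```csharp
// Global.asax.cs (added example; namespace and class name are assumptions)
using System.Diagnostics;
using System.IdentityModel.Services;
using System.IdentityModel.Tokens;
using System.Web;

namespace ExampleRelyingParty
{
    public class Global : HttpApplication
    {
        // ASP.NET binds this handler by the <ModuleName>_<EventName> convention.
        // The prefix must match the name under which the
        // WSFederationAuthenticationModule is registered in web.config
        // (assumed here to be the type name).
        void WSFederationAuthenticationModule_SessionSecurityTokenCreated(
            object sender, SessionSecurityTokenCreatedEventArgs e)
        {
            SessionSecurityToken token = e.SessionToken;

            // Store the token in the session security token cache. The cookie
            // then carries only what is needed to rebuild the cache key
            // (ContextId and KeyGeneration), not the serialized ClaimsPrincipal.
            token.IsReferenceMode = true;

            // Audit line for session issuance. The ContextId is deliberately
            // left out of the log because it identifies the cached session.
            var identity = token.ClaimsPrincipal.Identity;
            string user = (identity != null && identity.Name != null)
                ? identity.Name
                : "(unnamed)";
            Trace.TraceInformation(
                "Session issued: user={0} validFrom={1:o} validTo={2:o} " +
                "referenceMode={3} persistent={4}",
                user, token.ValidFrom, token.ValidTo,
                token.IsReferenceMode, token.IsPersistent);
        }
    }
}
```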

The SessionSecurityTokenHandler class provided with WIF serializes the session token as a WS-Secure Conversation <wsc:SecurityContextToken> element.

Constructors

SessionSecurityToken(ClaimsPrincipal, String, Nullable<DateTime>, Nullable<DateTime>)

Initializes a new instance of the SessionSecurityToken class from the specified principal and bootstrap token, with the specified start time and expiration time.

SessionSecurityToken(ClaimsPrincipal, String, String, Nullable<DateTime>, Nullable<DateTime>)

Initializes a new instance of the SessionSecurityToken class from the specified principal and bootstrap token, with the specified start time and expiration time. The new token is scoped to the specified endpoint.

SessionSecurityToken(ClaimsPrincipal, String)

Initializes a new instance of the SessionSecurityToken class from the specified principal and bootstrap token.

SessionSecurityToken(ClaimsPrincipal, TimeSpan)

Initializes a new instance of the SessionSecurityToken class from the specified principal. The new token is valid from UtcNow through the specified lifetime.

SessionSecurityToken(ClaimsPrincipal, UniqueId, String, String, DateTime, TimeSpan, SymmetricSecurityKey)

Initializes a new instance of the SessionSecurityToken class by using the specified principal, context ID, context, endpoint, valid timestamp, lifetime, and key.

SessionSecurityToken(ClaimsPrincipal, UniqueId, String, String, Nullable<DateTime>, Nullable<DateTime>, SymmetricSecurityKey)

Initializes a new instance of the SessionSecurityToken class by using the specified principal, context ID, context, endpoint, start time, expiration time, and key.

SessionSecurityToken(ClaimsPrincipal, UniqueId, String, String, TimeSpan, SymmetricSecurityKey)

Initializes a new instance of the SessionSecurityToken class by using the specified principal, context ID, context, endpoint, lifetime, and key.

SessionSecurityToken(ClaimsPrincipal)

Initializes a new instance of the SessionSecurityToken class from the specified principal.

SessionSecurityToken(SerializationInfo, StreamingContext)

Initializes a new instance of the SessionSecurityToken class with serialized data.

Properties

ClaimsPrincipal

Gets the claims principal associated with the session.

Context

Gets a user-specified context value.

ContextId

Gets the session context identifier.

EndpointId

Gets the ID of the endpoint to which this token is scoped.

Id

Gets the unique identifier of this token.

IsPersistent

Gets or sets a value that indicates whether the cookie represented by this token is persistent.

IsReferenceMode

Gets or sets a value that indicates whether the session security token is operating in reference mode.

KeyEffectiveTime

Gets the time instant from which the key in this token is valid.

KeyExpirationTime

Gets the time instant after which the key in this token is no longer valid.

KeyGeneration

Gets the identifier for the key generation in this token.

SecureConversationVersion

Gets a URI that identifies the version of WS-Secure Conversation that is used to serialize this session security token.

SecurityKeys

Gets the keys associated with this session. This is usually a single key.

ValidFrom

Gets the time instant from which the token is valid.

ValidTo

Gets the time instant after which the token is no longer valid.

Methods

CanCreateKeyIdentifierClause<T>()

Gets a value that indicates whether this security token is capable of creating the specified key identifier.

(Inherited from SecurityToken)

CreateKeyIdentifierClause<T>()

Creates the specified key identifier clause.

(Inherited from SecurityToken)

Equals(Object)

Determines whether the specified object is equal to the current object.

(Inherited from Object)

GetHashCode()

Serves as the default hash function.

(Inherited from Object)

GetObjectData(SerializationInfo, StreamingContext)

Sets the SerializationInfo with information necessary to serialize the session security token.

GetType()

Gets the Type of the current instance.

(Inherited from Object)

MatchesKeyIdentifierClause(SecurityKeyIdentifierClause)

Returns a value that indicates whether the key identifier for this instance can be resolved to the specified key identifier.

(Inherited from SecurityToken)

MemberwiseClone()

Creates a shallow copy of the current Object.

(Inherited from Object)

ResolveKeyIdentifierClause(SecurityKeyIdentifierClause)

Gets the key for the specified key identifier clause.

(Inherited from SecurityToken)

ToString()

Returns a string that represents the current object.

(Inherited from Object)

Applies to

Product Versions
.NET Framework 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8, 4.8.1
