WSFederationAuthenticationModule.SessionSecurityTokenCreated Event
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Occurs when a session security token has been created from the security token received from a security token service (STS).
public:
event EventHandler<System::IdentityModel::Services::SessionSecurityTokenCreatedEventArgs ^> ^ SessionSecurityTokenCreated;public event EventHandler<System.IdentityModel.Services.SessionSecurityTokenCreatedEventArgs> SessionSecurityTokenCreated;member this.SessionSecurityTokenCreated : EventHandler<System.IdentityModel.Services.SessionSecurityTokenCreatedEventArgs> Public Custom Event SessionSecurityTokenCreated As EventHandler(Of SessionSecurityTokenCreatedEventArgs) Public Event SessionSecurityTokenCreated As EventHandler(Of SessionSecurityTokenCreatedEventArgs) Event Type
Examples
void WSFederationAuthenticationModule_SessionSecurityTokenCreated(object sender, SessionSecurityTokenCreatedEventArgs e)
{
//Manipulate session token here, for example, changing its expiration value
System.Diagnostics.Trace.WriteLine("Handling SessionSecurityTokenCreated event");
System.Diagnostics.Trace.WriteLine("Key valid from: " + e.SessionToken.KeyEffectiveTime);
System.Diagnostics.Trace.WriteLine("Key expires on: " + e.SessionToken.KeyExpirationTime);
}
Remarks
You can add an event handler to modify the session token before it is used to set the thread principal and is written to the session cookie. In the event handler, you can access the session token through the SessionSecurityTokenCreatedEventArgs.SessionToken property. You can specify whether a session cookie should be written by setting the SessionSecurityTokenCreatedEventArgs.WriteSessionCookie property.
This event is raised from inside the OnAuthenticateRequest event-handler delegate when processing a WS-Federation sign-in response message ("wsignin1.0") received from the security token service (STS). It is raised just after the security token that was deserialized from the wresult or the wresultptr parameter in the sign-in response message has been validated, and before the claims principal is set on the Thread.CurrentPrincipal (and on the User property of HttpContext.Current).
Important
To operate sessions in reference mode, Microsoft recommends providing a handler for the WSFederationAuthenticationModule.SessionSecurityTokenCreated event in the global.asax.cs file and setting the SessionSecurityToken.IsReferenceMode property on the token passed in the SessionSecurityTokenCreatedEventArgs.SessionToken property. This will ensure that the session token operates in reference mode for every request and is favored over merely setting the SessionAuthenticationModule.IsReferenceMode property on the Session Authentication Module.
