问题描述

我在我的 ASP.NET MVC 3 项目中使用 Windows Identity Foundation (WIF) 进行身份验证.我已经使用 SDK(具有表单身份验证的 ASP.NET 站点)中提供的默认模板创建了简单的安全令牌服务 (STS).

I'm using Windows Identity Foundation (WIF) for authentication in my ASP.NET MVC 3 project. I've created simple security token service (STS) using default template available in the SDK (ASP.NET site with forms authentication).

一切正常，除了我的安全会话令牌生命周期(在依赖方 (RP) 上生成的一个，即 ASP.NET MVC 站点)似乎设置为 10 分钟，尽管生成了 STS安全令牌的有效期为 1 小时.

Everything works fine, apart from the fact that my security session token lifetime (the one that is being generated on the relying party (RP), i.e. ASP.NET MVC site) seems to be set to 10 minutes despite that STS generated security token has lifetime of 1 hour.

我尝试在 SessionAuthenticationModule_SessionSecurityTokenReceived 事件中更改 STS 本身的令牌生存期和在 RP 上生成的安全会话令牌的生存期.相同的结果 - 10 分钟后 RP 将客户端重定向到 STS 进行身份验证.

I've tried to change token lifetime on the STS itself and lifetime of security session token generated on the RP in the SessionAuthenticationModule_SessionSecurityTokenReceived event. Same result - after 10 minutes RP redirects client to STS for authentication.

我似乎遗漏了一些非常明显的东西，但我无法理解.如果有人能帮助我，我将不胜感激.

It seems that I'm missing something really obvious but I can't put my finger on it. Would really appreciate if someone could help me out.

推荐答案

您的 STS 发布的令牌和您的 RP 应用程序建立的会话 cookie 是两个独立的东西，它们都有自己的生命周期.在您的 RP 使用令牌后，其生命周期对 RP 创建以建立会话的 cookie 的生命周期没有影响.但是您可以像这样在 web.config 中配置会话生存期:

The token your STS issues and the session cookie your RP application establishes are two separate things, both have their own lifetimes. After the token is consumed by your RP, its lifetime has no effect on the lifetime of the cookie that your RP creates to establish a session. But you can configure your session lifetime in your web.config like so:

如何增加会话WIF/SAML 令牌/FedAuth cookie 超时

这篇关于Windows Identity Foundation - 信赖方会话安全令牌生命周期的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！