Export (0) Print
Expand All

Terminating a User Session (Expiring a Token)

Retired Content

This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This page may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.

The latest Enterprise Library information can be found at the Enterprise Library site.

An example of when you may want to expire a token is to make sure that the token cannot be used by an attacker after a user logs out. You can also use the approach described here to expire a user principal or a user identity.

In this scenario, the goal is to make sure that the token corresponding to a user identity is expired.

Call the ExpireIdentity method on the security cache object.

For an extended example of how to use the ExpireIdentity method to expire a token corresponding to a user identity, see Walkthrough: Terminate a User Session.

The following code shows how to use the ExpireIdentity method.

ISecurityCacheProvider secCache = SecurityCacheFactory.GetSecurityCacheProvider("Caching Store Provider");

// Cache the identity. 
IToken token = secCache.SaveIdentity(new GenericIdentity("Username"));

// Expire the identity.

Alternately, you can use the ExpirePrincipal or ExpireProfile methods to remove the principal or profile information associated with a token from the cache.

The code shown above uses a factory class in the Security Application Block to obtain an instance of the security cache provider it requires. As an alternative, you can use the Unity Integration approach to create instances of the objects in the Security Application Block. For more details of the integration of Enterprise Library and the Unity Application Block, see Creating Objects Using the Unity Application Block.

© 2014 Microsoft