
SessionSecurityToken Class

.NET Framework 4.5

Defines a security token that contains data associated with a session.

System.Object
  System.IdentityModel.Tokens.SecurityToken
    System.IdentityModel.Tokens.SessionSecurityToken

Namespace:  System.IdentityModel.Tokens
Assembly:  System.IdentityModel (in System.IdentityModel.dll)

[SerializableAttribute]
public class SessionSecurityToken : SecurityToken, 
	ISerializable

The SessionSecurityToken type exposes the following members.

| | Name | Description |
|---|---|---|
| Public method | SessionSecurityToken(ClaimsPrincipal) | Initializes a new instance of the SessionSecurityToken class from the specified principal. |
| Public method | SessionSecurityToken(ClaimsPrincipal, String) | Initializes a new instance of the SessionSecurityToken class from the specified principal and bootstrap token. |
| Public method | SessionSecurityToken(ClaimsPrincipal, TimeSpan) | Initializes a new instance of the SessionSecurityToken class from the specified principal. The new token is valid from UtcNow through the specified lifetime. |
| Protected method | SessionSecurityToken(SerializationInfo, StreamingContext) | Initializes a new instance of the SessionSecurityToken class with serialized data. |
| Public method | SessionSecurityToken(ClaimsPrincipal, String, Nullable<DateTime>, Nullable<DateTime>) | Initializes a new instance of the SessionSecurityToken class from the specified principal and bootstrap token; and with the specified start time and expiration time. |
| Public method | SessionSecurityToken(ClaimsPrincipal, String, String, Nullable<DateTime>, Nullable<DateTime>) | Initializes a new instance of the SessionSecurityToken class from the specified principal and bootstrap token; and with the specified start time and expiration time. The new token is scoped to the specified endpoint. |
| Public method | SessionSecurityToken(ClaimsPrincipal, UniqueId, String, String, TimeSpan, SymmetricSecurityKey) | Initializes a new instance of the SessionSecurityToken class by using the specified principal, context ID, context, endpoint, lifetime, and key. |
| Public method | SessionSecurityToken(ClaimsPrincipal, UniqueId, String, String, DateTime, TimeSpan, SymmetricSecurityKey) | Initializes a new instance of the SessionSecurityToken class by using the specified principal, context ID, context, endpoint, valid timestamp, lifetime, and key. |
| Public method | SessionSecurityToken(ClaimsPrincipal, UniqueId, String, String, Nullable<DateTime>, Nullable<DateTime>, SymmetricSecurityKey) | Initializes a new instance of the SessionSecurityToken class by using the specified principal, context ID, context, endpoint, start time, expiration time, and key. |

| | Name | Description |
|---|---|---|
| Public property | ClaimsPrincipal | Gets the claims principal associated with the session. |
| Public property | Context | Gets a user specified context value. |
| Public property | ContextId | Gets the session context identifier. |
| Public property | EndpointId | Gets the ID of the endpoint to which this token is scoped. |
| Public property | Id | Gets the unique identifier of this token. (Overrides SecurityToken.Id.) |
| Public property | IsPersistent | Gets or sets a value that indicates whether the cookie represented by this token is persistent. |
| Public property | IsReferenceMode | Gets or sets a value that indicates whether the session security token is operating in reference mode. |
| Public property | KeyEffectiveTime | Gets the time instant from which the key in this token is valid. |
| Public property | KeyExpirationTime | Gets the time instant after which the key in this token is no longer valid. |
| Public property | KeyGeneration | Gets the identifier for the key generation in this token. |
| Public property | SecureConversationVersion | Gets a URI that identifies the version of WS-Secure Conversation that is used to serialize this session security token. |
| Public property | SecurityKeys | Gets the keys associated with this session. This is usually a single key. (Overrides SecurityToken.SecurityKeys.) |
| Public property | ValidFrom | Gets the time instant from which the token is valid. (Overrides SecurityToken.ValidFrom.) |
| Public property | ValidTo | Gets the time instant after which the token is no longer valid. (Overrides SecurityToken.ValidTo.) |

| | Name | Description |
|---|---|---|
| Public method | CanCreateKeyIdentifierClause<T> | Gets a value that indicates whether this security token is capable of creating the specified key identifier. (Inherited from SecurityToken.) |
| Public method | CreateKeyIdentifierClause<T> | Creates the specified key identifier clause. (Inherited from SecurityToken.) |
| Public method | Equals(Object) | Determines whether the specified object is equal to the current object. (Inherited from Object.) |
| Protected method | Finalize | Allows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection. (Inherited from Object.) |
| Public method | GetHashCode | Serves as the default hash function. (Inherited from Object.) |
| Public method | GetObjectData | Sets the SerializationInfo with information necessary to serialize the session security token. |
| Public method | GetType | Gets the Type of the current instance. (Inherited from Object.) |
| Public method | MatchesKeyIdentifierClause | Returns a value that indicates whether the key identifier for this instance can be resolved to the specified key identifier. (Inherited from SecurityToken.) |
| Protected method | MemberwiseClone | Creates a shallow copy of the current Object. (Inherited from Object.) |
| Public method | ResolveKeyIdentifierClause | Gets the key for the specified key identifier clause. (Inherited from SecurityToken.) |
| Public method | ToString | Returns a string that represents the current object. (Inherited from Object.) |

A session token stores the ClaimsPrincipal of the user that is associated with a session, as well as other parameters that define the session; for example, the session start and end times.

In passive scenarios, the WSFederationAuthenticationModule calls into the SessionAuthenticationModule (SAM) from the authentication pipeline to create a session token from the ClaimsPrincipal that represents the authenticated user. The SAM uses its configured SessionSecurityTokenHandler to create the token and to serialize it into a cookie (and to deserialize the token from a cookie on subsequent requests). The SAM uses an instance of its configured CookieHandler class to write the cookie back to the HTTP Response. This cookie is then returned to the client and on subsequent requests the client can present the cookie rather than making a round trip back to the identity provider to re-obtain a security token. For more information about how sessions operate with WIF, see WIF Session Management. For information about using sessions in Web farm scenarios, see WIF and Web Farms.

A session token either operates in reference mode or it does not. If the session token is not operating in reference mode, the entire token is serialized into the session cookie that is stored on the client. The serialized session token can be quite large, so the cookie stored on the client can also be quite large. In reference mode, rather than serializing the entire session token into the cookie, the token is stored in a session security token cache, and only the information used to generate the key necessary to retrieve the token from the cache is stored in the cookie. This can greatly reduce the size of the cookie. The session token cache is implemented by a class derived from SessionSecurityTokenCache, and the cache key is implemented by the SessionSecurityTokenCacheKey class. The ContextId and KeyGeneration properties are used in the SessionSecurityTokenCacheKey class to generate the cache key.

The IsReferenceMode property determines whether the session token is in reference mode or not.

Important

To operate in reference mode, Microsoft recommends providing a handler for the WSFederationAuthenticationModule.SessionSecurityTokenCreated event in the global.asax.cs file and setting the IsReferenceMode property on the token passed in the SessionSecurityTokenCreatedEventArgs.SessionToken property. This will ensure that the session token operates in reference mode for every request and is favored over merely setting the SessionAuthenticationModule.IsReferenceMode property on the Session Authentication Module.
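The handler described in the note above, as an added example (not code from the original page). It assumes the module is registered in web.config under the name WSFederationAuthenticationModule, so that ASP.NET wires the handler by naming convention. The RemoveFromCache helper is hypothetical and goes slightly beyond the note: it builds the cache key from the same ContextId and KeyGeneration values the text names.

```csharp
// Global.asax.cs -- added example; RemoveFromCache is a hypothetical helper.
using System.IdentityModel.Services;
using System.IdentityModel.Tokens;
using System.Web;

public class Global : HttpApplication
{
    // ASP.NET binds methods named <ModuleName>_<EventName> automatically.
    // Assumption: the module name in web.config is "WSFederationAuthenticationModule".
    void WSFederationAuthenticationModule_SessionSecurityTokenCreated(
        object sender, SessionSecurityTokenCreatedEventArgs e)
    {
        // Set reference mode on the token itself, as the note recommends.
        // The token then stays in the server-side session token cache and
        // the cookie carries only what is needed to derive the cache key.
        e.SessionToken.IsReferenceMode = true;
    }

    // Removes one session's token from the configured cache. In reference
    // mode the cookie alone no longer carries the token once the cache
    // entry is gone.
    public static void RemoveFromCache(SessionSecurityToken token)
    {
        // The cache key is built from the endpoint the token is scoped to,
        // plus the ContextId and KeyGeneration properties.
        var key = new SessionSecurityTokenCacheKey(
            token.EndpointId, token.ContextId, token.KeyGeneration);

        SessionSecurityTokenCache cache =
            FederatedAuthentication.FederationConfiguration
                .IdentityConfiguration.Caches.SessionSecurityTokenCache;

        cache.Remove(key);
    }
}
```

The default session token cache is held in process memory, so in a Web farm every node must share a cache implementation derived from SessionSecurityTokenCache for reference-mode cookies to resolve on any node.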

The SessionSecurityTokenHandler class provided with WIF serializes the session token as a WS-Secure Conversation <wsc:SecurityContextToken> element.

.NET Framework

Supported in: 4.5

Windows 8.1, Windows Server 2012 R2, Windows 8, Windows Server 2012, Windows 7, Windows Vista SP2, Windows Server 2008 (Server Core Role not supported), Windows Server 2008 R2 (Server Core Role supported with SP1 or later; Itanium not supported)

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.
© 2014 Microsoft