SessionSecurityToken Class

.NET Framework (current version)
 

Defines a security token that contains data associated with a session.

Namespace:   System.IdentityModel.Tokens
Assembly:  System.IdentityModel (in System.IdentityModel.dll)

System.Object
  System.IdentityModel.Tokens.SecurityToken
    System.IdentityModel.Tokens.SessionSecurityToken

[SerializableAttribute]
public class SessionSecurityToken : SecurityToken, ISerializable

Name | Description
SessionSecurityToken(ClaimsPrincipal) | Initializes a new instance of the SessionSecurityToken class from the specified principal.
SessionSecurityToken(ClaimsPrincipal, String) | Initializes a new instance of the SessionSecurityToken class from the specified principal and bootstrap token.
SessionSecurityToken(ClaimsPrincipal, String, Nullable<DateTime>, Nullable<DateTime>) | Initializes a new instance of the SessionSecurityToken class from the specified principal and bootstrap token; and with the specified start time and expiration time.
SessionSecurityToken(ClaimsPrincipal, String, String, Nullable<DateTime>, Nullable<DateTime>) | Initializes a new instance of the SessionSecurityToken class from the specified principal and bootstrap token; and with the specified start time and expiration time. The new token is scoped to the specified endpoint.
SessionSecurityToken(ClaimsPrincipal, TimeSpan) | Initializes a new instance of the SessionSecurityToken class from the specified principal. The new token is valid from UtcNow through the specified lifetime.
SessionSecurityToken(ClaimsPrincipal, UniqueId, String, String, DateTime, TimeSpan, SymmetricSecurityKey) | Initializes a new instance of the SessionSecurityToken class by using the specified principal, context ID, context, endpoint, valid timestamp, lifetime, and key.
SessionSecurityToken(ClaimsPrincipal, UniqueId, String, String, Nullable<DateTime>, Nullable<DateTime>, SymmetricSecurityKey) | Initializes a new instance of the SessionSecurityToken class by using the specified principal, context ID, context, endpoint, start time, expiration time, and key.
SessionSecurityToken(ClaimsPrincipal, UniqueId, String, String, TimeSpan, SymmetricSecurityKey) | Initializes a new instance of the SessionSecurityToken class by using the specified principal, context ID, context, endpoint, lifetime, and key.
SessionSecurityToken(SerializationInfo, StreamingContext) | Initializes a new instance of the SessionSecurityToken class with serialized data.

Name | Description
ClaimsPrincipal | Gets the claims principal associated with the session.
Context | Gets a user specified context value.
ContextId | Gets the session context identifier.
EndpointId | Gets the ID of the endpoint to which this token is scoped.
Id | Gets the unique identifier of this token. (Overrides SecurityToken.Id.)
IsPersistent | Gets or sets a value that indicates whether the cookie represented by this token is persistent.
IsReferenceMode | Gets or sets a value that indicates whether the session security token is operating in reference mode.
KeyEffectiveTime | Gets the time instant from which the key in this token is valid.
KeyExpirationTime | Gets the time instant after which the key in this token is no longer valid.
KeyGeneration | Gets the identifier for the key generation in this token.
SecureConversationVersion | Gets a URI that identifies the version of WS-Secure Conversation that is used to serialize this session security token.
SecurityKeys | Gets the keys associated with this session. This is usually a single key. (Overrides SecurityToken.SecurityKeys.)
ValidFrom | Gets the time instant from which the token is valid. (Overrides SecurityToken.ValidFrom.)
ValidTo | Gets the time instant after which the token is no longer valid. (Overrides SecurityToken.ValidTo.)

Name | Description
CanCreateKeyIdentifierClause<T>() | Gets a value that indicates whether this security token is capable of creating the specified key identifier. (Inherited from SecurityToken.)
CreateKeyIdentifierClause<T>() | Creates the specified key identifier clause. (Inherited from SecurityToken.)
Equals(Object) | Determines whether the specified object is equal to the current object. (Inherited from Object.)
Finalize() | Allows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection. (Inherited from Object.)
GetHashCode() | Serves as the default hash function. (Inherited from Object.)
GetObjectData(SerializationInfo, StreamingContext) | Sets the SerializationInfo with information necessary to serialize the session security token.
GetType() | Gets the Type of the current instance. (Inherited from Object.)
MatchesKeyIdentifierClause(SecurityKeyIdentifierClause) | Returns a value that indicates whether the key identifier for this instance can be resolved to the specified key identifier. (Inherited from SecurityToken.)
MemberwiseClone() | Creates a shallow copy of the current Object. (Inherited from Object.)
ResolveKeyIdentifierClause(SecurityKeyIdentifierClause) | Gets the key for the specified key identifier clause. (Inherited from SecurityToken.)
ToString() | Returns a string that represents the current object. (Inherited from Object.)

A session token stores the ClaimsPrincipal of the user that is associated with a session, as well as other parameters that define the session, for example, the session start and end times.

In passive scenarios, the WSFederationAuthenticationModule calls into the SessionAuthenticationModule (SAM) from the authentication pipeline to create a session token from the ClaimsPrincipal that represents the authenticated user. The SAM uses its configured SessionSecurityTokenHandler to create the token and to serialize it into a cookie (and to deserialize the token from a cookie on subsequent requests). The SAM uses an instance of its configured CookieHandler class to write the cookie back to the HTTP Response. This cookie is then returned to the client and on subsequent requests the client can present the cookie rather than making a round trip back to the identity provider to re-obtain a security token. For more information about how sessions operate with WIF, see WIF Session Management. For information about using sessions in Web farm scenarios, see WIF and Web Farms.

A session token may or may not operate in reference mode. If the session token is not operating in reference mode, the entire token is serialized into the session cookie that is stored on the client. The serialized session token can be quite large, and thus the cookie stored on the client can also be quite sizeable. In reference mode, rather than serializing the entire session token into the cookie, the token is stored in a session security token cache and only the information used to generate the key necessary to retrieve the token from the cache is stored in the cookie. This can greatly reduce the size of the cookie. The session token cache is implemented by a class derived from SessionSecurityTokenCache, and the cache key is implemented by the SessionSecurityTokenCacheKey class. The ContextId and KeyGeneration properties are used in the SessionSecurityTokenCacheKey class to generate the cache key.

The IsReferenceMode property determines whether the session token is in reference mode or not.

Important

To operate in reference mode, Microsoft recommends providing a handler for the WSFederationAuthenticationModule.SessionSecurityTokenCreated event in the global.asax.cs file and setting the IsReferenceMode property on the token passed in the SessionSecurityTokenCreatedEventArgs.SessionToken property. This will ensure that the session token operates in reference mode for every request and is favored over merely setting the SessionAuthenticationModule.IsReferenceMode property on the Session Authentication Module.
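
The handler recommended in the note above, as an added example (not code from the original page). It assumes the code-behind class is named Global and that the module is registered in web.config under the name WSFederationAuthenticationModule, which is what lets ASP.NET bind the method to the event by name.

```csharp
// Global.asax.cs: added example, not code from the original page.
// Requires a reference to the System.IdentityModel.Services assembly.
using System.IdentityModel.Services;
using System.Web;

// "Global" is the conventional code-behind class name (assumption).
public class Global : HttpApplication
{
    // ASP.NET binds this method to the module's event by name
    // (<module name>_<event name>). Assumption: the module is registered
    // in web.config under the name "WSFederationAuthenticationModule".
    void WSFederationAuthenticationModule_SessionSecurityTokenCreated(
        object sender, SessionSecurityTokenCreatedEventArgs e)
    {
        if (e.SessionToken == null)
        {
            return;
        }

        // Store the token in the configured SessionSecurityTokenCache.
        // The cookie then carries only the information used to generate
        // the cache key (ContextId and KeyGeneration), not the whole token.
        e.SessionToken.IsReferenceMode = true;
    }
}
```

Because the flag is set on the token itself each time one is created, it does not depend on the SessionAuthenticationModule.IsReferenceMode setting.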

The SessionSecurityTokenHandler class provided with WIF serializes the session token as a WS-Secure Conversation <wsc:SecurityContextToken> element.

.NET Framework
Available since 4.5

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.
