I have a passive STS set up for a new application I’m working on.
I’ve noticed that when a user’s session expires, the user is still authenticated. I would have thought that when the session expires, the user would no longer be authenticated. My boss discussed this with me as I am currently charged with setting up the authentication. He says that it would be good if we could make the user’s log on expire after a certain period of inactivity similar to how the session expires.
I am familiar with how to sign a user out with a few lines of code. How can I make it so that the user is automatically signed out after a specified period of inactivity?
Currently, I have some code in the global.asax file that programmatically checks when the last request was and compares it to the current time; it then signs the user out if a certain period of time has expired.
Answers:
Method 1
Peter Kron has proposed an answer in your MSDN thread:
Handle the SessionSecurityTokenCreated event raised by WSFederationAuthenticationModule. In that you can create a new SessionSecurityToken from the proposed token, and set the lifetime as you please.
http://social.msdn.microsoft.com/Forums/en-US/Geneva/thread/6b6d51ea-9c15-4744-800b-dd1379b495c3
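A sketch of the handler the answer describes, as an added example that is not code from the original answer or the MSDN thread. It goes one step beyond the answer by also renewing the token on `SessionSecurityTokenReceived`, so the lifetime behaves as an inactivity window. Assumptions: the .NET 4.5+ WIF types in `System.IdentityModel.Services`, modules registered in web.config under the names `WSFederationAuthenticationModule` and `SessionAuthenticationModule`, and a 20-minute window chosen for illustration.

```csharp
// Global.asax.cs (added example; assumes .NET 4.5+ WIF, System.IdentityModel.Services)
using System;
using System.IdentityModel.Services;
using System.IdentityModel.Tokens;
using System.Web;

public class Global : HttpApplication
{
    // Assumed idle window; set it to whatever your policy requires.
    private static readonly TimeSpan IdleTimeout = TimeSpan.FromMinutes(20);

    // Builds a replacement session token that is valid from now for IdleTimeout,
    // keeping the principal, context and persistence of the current token.
    private static SessionSecurityToken WithIdleLifetime(SessionSecurityToken current)
    {
        DateTime now = DateTime.UtcNow;
        return FederatedAuthentication.SessionAuthenticationModule.CreateSessionSecurityToken(
            current.ClaimsPrincipal, current.Context, now, now.Add(IdleTimeout),
            current.IsPersistent);
    }

    // Raised at sign-in, after the STS response has been validated.
    // The handler name relies on ASP.NET's ModuleName_EventName auto-wiring.
    void WSFederationAuthenticationModule_SessionSecurityTokenCreated(
        object sender, SessionSecurityTokenCreatedEventArgs e)
    {
        e.SessionToken = WithIdleLifetime(e.SessionToken);
        e.WriteSessionCookie = true;
    }

    // Raised on each request that carries the session cookie.
    // Reissue only in the second half of the window, so that not every
    // request rewrites the cookie. A user who stays idle past ValidTo
    // never reaches this renewal and the token lapses.
    void SessionAuthenticationModule_SessionSecurityTokenReceived(
        object sender, SessionSecurityTokenReceivedEventArgs e)
    {
        DateTime now = DateTime.UtcNow;
        DateTime halfway = e.SessionToken.ValidFrom.AddTicks(IdleTimeout.Ticks / 2);
        if (now > halfway && now < e.SessionToken.ValidTo)
        {
            e.SessionToken = WithIdleLifetime(e.SessionToken);
            e.ReissueCookie = true;
        }
    }
}
```

With sliding renewal an active session has no absolute maximum age; if your policy needs one, record the original sign-in time (for example as a claim) and stop renewing once it is exceeded.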
All methods were sourced from stackoverflow.com or stackexchange.com and are licensed under CC BY-SA 2.5, CC BY-SA 3.0 and CC BY-SA 4.0.