WSFederationAuthenticationModule.SessionSecurityTokenCreated Event


Occurs when a session security token has been created from the security token received from a security token service (STS).

 event EventHandler<System::IdentityModel::Services::SessionSecurityTokenCreatedEventArgs ^> ^ SessionSecurityTokenCreated;
public event EventHandler<System.IdentityModel.Services.SessionSecurityTokenCreatedEventArgs> SessionSecurityTokenCreated;
member this.SessionSecurityTokenCreated : EventHandler<System.IdentityModel.Services.SessionSecurityTokenCreatedEventArgs> 
Public Custom Event SessionSecurityTokenCreated As EventHandler(Of SessionSecurityTokenCreatedEventArgs) 
Public Event SessionSecurityTokenCreated As EventHandler(Of SessionSecurityTokenCreatedEventArgs) 

Event Type



void WSFederationAuthenticationModule_SessionSecurityTokenCreated(object sender, SessionSecurityTokenCreatedEventArgs e)
    //Manipulate session token here, for example, changing its expiration value
    System.Diagnostics.Trace.WriteLine("Handling SessionSecurityTokenCreated event");
    System.Diagnostics.Trace.WriteLine("Key valid from: " + e.SessionToken.KeyEffectiveTime);
    System.Diagnostics.Trace.WriteLine("Key expires on: " + e.SessionToken.KeyExpirationTime);


You can add an event handler to modify the session token before it is used to set the thread principal and is written to the session cookie. In the event handler, you can access the session token through the SessionSecurityTokenCreatedEventArgs.SessionToken property. You can specify whether a session cookie should be written by setting the SessionSecurityTokenCreatedEventArgs.WriteSessionCookie property.

This event is raised from inside the OnAuthenticateRequest event-handler delegate when processing a WS-Federation sign-in response message ("wsignin1.0") received from the security token service (STS). It is raised just after the security token that was deserialized from the wresult or the wresultptr parameter in the sign-in response message has been validated, and before the claims principal is set on the Thread.CurrentPrincipal (and on the User property of HttpContext.Current).


To operate sessions in reference mode, Microsoft recommends providing a handler for the WSFederationAuthenticationModule.SessionSecurityTokenCreated event in the global.asax.cs file and setting the SessionSecurityToken.IsReferenceMode property on the token passed in the SessionSecurityTokenCreatedEventArgs.SessionToken property. This will ensure that the session token operates in reference mode for every request and is favored over merely setting the SessionAuthenticationModule.IsReferenceMode property on the Session Authentication Module.

Applies to