SessionAuthenticationModule Members

[Starting with the .NET Framework 4.5, Windows Identity Foundation (WIF) has been fully integrated into the .NET Framework. The version of WIF addressed by this topic, WIF 3.5, is deprecated and should only be used when developing against the .NET Framework 3.5 SP1 or the .NET Framework 4. For more information about WIF in the .NET Framework 4.5, also known as WIF 4.5, see the Windows Identity Foundation documentation in the .NET Framework 4.5 Development Guide.]

When the STS issues a security token for the user, SessionAuthenticationModule also creates a session security token for the user and places it in a cookie. On subsequent requests, the SessionAuthenticationModule intercepts this cookie and uses it to reconstruct the user’s IClaimsPrincipal.

The following tables list the members exposed by the SessionAuthenticationModule type.

Public Constructors

  Name Description
  SessionAuthenticationModule Initializes an instance of SessionAuthenticationModule.


Public Properties

  Name Description
public property ContextSessionSecurityToken Returns the active SessionSecurityToken for the current HttpContext.
public property CookieHandler The CookieHandler used to read, write, and delete session cookies.
public property IsSessionMode Get or sets if mode is session.
public property ServiceConfiguration  Gets or sets the ServiceConfiguration in effect for this module. (Inherited from HttpModuleBase)


Public Methods

(see also Protected Methods)

  Name Description
public method AuthenticateSessionSecurityToken Authenticates the incoming request by updating the current HTTP context and thread principal with the provided SessionSecurityToken.
public method ContainsSessionTokenCookie Determines if a session cookie is in the provided cookie collection.
public method CreateSessionSecurityToken Creates a SessionSecurityToken using the configured handler.
public method DeleteSessionTokenCookie Deletes any session cookies.
public method Dispose  Disposes of the resources used by the module. (Inherited from HttpModuleBase)
public method Equals  (Inherited from Object)
public method GetHashCode  (Inherited from Object)
public method GetType  (Inherited from Object)
public method Init  Initializes the module. (Inherited from HttpModuleBase)
public method ReadSessionTokenFromCookie Reads a SessionSecurityToken from a session cookie.
public method SignOut Sign out the current user and fire the associated events.
public method ToString  (Inherited from Object)
public method TryReadSessionTokenFromCookie Reads a SessionSecurityToken from a session cookie and returns a value that indicates whether the session cookie was read.
public method WriteSessionTokenToCookie Writes a SessionSecurityToken to a session cookie.


Protected Methods

  Name Description
protected method Finalize  (Inherited from Object)
protected method InitializeModule Overridden. Initializes the module and prepares it to handle events from the module's ASP.NET application object.
protected method InitializePropertiesFromConfiguration Initialize module properties based on definitions in the configuration file.
protected method MemberwiseClone  (Inherited from Object)
protected method OnAuthenticateRequest Handles AuthenticateRequest event from the ASP.NET pipeline. Checks if a cookie is present and reads the cookie as a SessionSecurityToken. Raises the OnSessionSecurityTokenReceived event. Sets the Thread.CurrentPrincipal to ClaimsPrincipal. Raises the OnSignInError event when the SessionSecurityToken fails validation.
protected method OnPostAuthenticateRequest Event handler for Application.PostAuthenticateRequest
protected method OnSessionSecurityTokenCreated Raise the SessionSecurityTokenCreated event.
protected method OnSessionSecurityTokenReceived Raise the SessionSecurityTokenReceived event.
protected method OnSignedOut Raise the SignedOut event.
protected method OnSigningOut Raise the SigningOut event.
protected method OnSignOutError Raise the SignOutError event.
protected method SetPrincipalFromSessionToken Sets the principals on the HttpContext and Thread to that of the provided session token.
protected method ValidateSessionToken Ensures that the SessionSecurityToken is valid.


Public Events

  Name Description
public event SessionSecurityTokenCreated Occurs when a session security token has been created.
public event SessionSecurityTokenReceived Occurs when a session security token has been read from a cookie.
public event SignedOut Event raised after the user is signed out.
public event SigningOut Occurs before deleting the sign-in session.
public event SignOutError Event raised when signout error occurs.


See Also


SessionAuthenticationModule Class
Microsoft.IdentityModel.Web Namespace

Copyright © 2008 by Microsoft Corporation. All rights reserved.