tags:

views:

343

answers:

2
Q: 

Windows Identity Foundation: How to get new security token in ASP.net

I'm writing an ASP.net application that uses Windows Identity Foundation. My ASP.net application uses claims-based authentication with passive redirection to a security token service. This means that when a user accesses the application, they are automatically redirected to the Security Token Service where they receive a security token which identifies them to the application.

In ASP.net, security tokens are stored as cookies.

I want to have something the user can click on in my application that will delete the cookie and redirect them to the Security Token Service to get a new token. In short, make it easy to log out and log in as another user. I try to delete the token-containing cookie in code, but it persists somehow.

How do I remove the token so that the user can log in again and get a new token?

A: 

Cookies are a bit strange. They are managed by the browser and there is no "Method" to delete them. Just deleting them from the Request or Response objects on the server side does not remove them from the browser on the client side.

To "Delete" a cookie you have to set it's expiration date to the past.

See: http://msdn.microsoft.com/en-us/library/ms178195.aspx

Mark Arnott  2010-03-15 19:23:05
I've tried to remove the cookie this way, but it looks like some module in the WIF framework is not allowing it.
Rice Flour Cookies  2010-04-19 19:06:36
+1  A: 

I found the solution. To put it succinctly:

   Dim smartWsFederationAuthenticationModule As  _
        Microsoft.IdentityModel.Web.WSFederationAuthenticationModule = _
        HttpContext.Current.ApplicationInstance.Modules("WSFederationAuthenticationModule")
    smartWsFederationAuthenticationModule.SignOut(True)

See here for more information: http://garrettvlieger.com/blog/2010/03/refreshing-claims-in-a-wif-claims-aware-application/

I also see that I can get handles to some other parts of the WIF framework this was, as well. It's definitely worth the read.

Rice Flour Cookies  2010-04-19 19:08:02

related questions

Is it better to create Model classes, or just stick with generic database utility class?
What are effective options for embedding video in an ASP.NET web site?
Visual Studio 2008 debugger already attached work-around
Tracking state using ASP.NET AJAX / ICallbackEventHandler
ASP.NET Display SVN Revision Number
ASP.NET URL Rewriting
How can I change the background of a masterpage from the code behind of a content page?
Easy way to AJAX WebControls
How do I define custom web.config sections with potential child elements and attributes for the properties?
ASP.NET MVC "CRUD" Database Sample
Are Multiple DataContext classes ever appropriate?
How to RedirectToAction in ASP.NET MVC without losing request data
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP.NET built in user profile, Vs old stile user class/tables
What's a good book for learning ASP?
Bandwith throttling in IIS 6 by IP Address
ASP .Net Custom Client-Side Validation
How to get the value of built, encoded ViewState?
Decent, simple, GIS/mapping component for ASP.NET?
Checklist for IIS 6/ASP.NET Windows Authentication?
How to write to Web.Config in Medium Trust ?
ASP.NET, Visual Studio and Subversion - how to integrate?
Floating Point Number parsing: Is there a Catch All algorithm?
How do I sync the SVN revision number with my ASP.NET web site?
ASP.NET Site Maps