I have an asp.net application (relying party) that uses a passive STS for authentication and retrieval of claim values. The relying party is using the FederatedAuthenticationModule (FAM) to enable a passive redirect to the sts. I found documentation on how to specify required claims when using InformationCards, but have yet to find det...
I'm writing an ASP.net application that uses Windows Identity Foundation. My ASP.net application uses claims-based authentication with passive redirection to a security token service. This means that when a user accesses the application, they are automatically redirected to the Security Token Service where they receive a security token...
Currently I am working on a LOB Silverlight application. Eventually, I need to implement a single sign-on for the new app and an old Classic ASP web app. Right now, the Silverlight App is secured using Forms Authentication through a custom Membership Provider. Reading online, I've come to think that Passive Federated Security is what I ...
I have a web application and would want it to be secured using a Custom STS using Windows Identity foundation 3.5. All examples have a passive STS in scene. Why is this needed? and What happens if you call the Active STS 9Custom written using WIF) directly? ...
In IIS 7.5 under Windows 7 Utilmate, I have an application which is configured for authentication as follows: Anonymous & Windows In the ASP.NET Website, I have turned Forms authentication and identity impersonate = true I also deny any anonymous users. <authentication mode="Forms"> </authentication> <identity impersonate="true"/> <aut...
I have a passive STS set up for a new application I'm working on. I've noticed that when a user's session expires, the user is still authenticated. I would have thought that when the session expires, the user would no longer be authenticated. My boss discussed this with me as I am currently charged with setting up the authentication. ...
Two questions: 1) How/where do I set the lifetime of the session cookie in my web application when using an STS to get claims? From what I can tell, it seems I can only do this programmatically in the ServiceConfigurationCreated event. 2) How/where can I make sure that the expiration is sliding? ...
I want to configure the timeout duration that is applied to the cookies that are created on relying party after a user logs in through the passive Security Token Service (STS). I believe I read somewhere this is defaulted to 14 minutes however I can't find where I read this any longer. I would like to up this to a more reasonable 35 mi...