0
votes

I am trying to use a SessionAuthenticationModule to create a token and write it to the cookies instead of using the old FormsAuthentication.SetAuthCookie. This is so I can also add claims to my principal and have them available on every request.

It works fine on my own computer, but when I deploy to the server I am getting this error: "Specified argument was out of the range of the valid values. Parameter name: keyExpirationTime"

Source: System.IdentityModel. The stack trace points to one of the overloaded constructors - it seems to have gone from my original call to CreateSessionSecurityToken through the TokenHandler and then via a couple of constructors.

My SessionAuthenticationModule is a class I have written myself but derives from System.IdentityModel.Services.SessionAuthenticationModule and overrides the OnPostAuthenticateRequest.

I am sending in DateTime.Now and DateTime.Now.AddMinutes(20) for the validFrom and validTo params (on a separate note, can this be a configuration setting and if so where? - obviously I could set up an AppSetting for the minutes but presumably there is a security configuration setting somewhere?)

I have searched for this error message but cannot find any mention of it.

I have used FederatedAuthentication.SessionAuthenticationModule.CreateSessionSecurityToken and have also tried HttpContext.Current.ApplicationInstance.Modules("SessionAuthenticationModule") - both work on my dev machine but neither works on the server.

The server has Windows 2008 R2, I have Windows 7 Professional. Both have IIS 7.5.7600.16385. Both have .NET 4.5 installed using the dotNetFx45_Full_setup.exe v4.5.50709.17929. For testing I am just using a virtual app under the Default Web Site which uses a 64-bit app pool with an Integrated pipeline and both app pools run under the AppPoolIdentity.

The CreateSessionSecurityToken is called from a page which executes after the SessionAuthenticationModule has added a claim.

It's bound to be something fairly simple but I need help figuring out what it is! Would really appreciate some help.

Thanks, Phil

1 Answer

3
votes

All samples say "Use DateTime.UtcNow", can you try it? Also, you can pass null for validTo to specify that the value should be determined by adding the value of the SessionSecurityTokenHandler.DefaultTokenLifetime property to the time specified by the validFrom parameter.
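
The answer's two suggestions combined, as an added example that is not part of the original question or answer: the token is built with DateTime.UtcNow, and a null validTo leaves the expiry to SessionSecurityTokenHandler.DefaultTokenLifetime. The class name SessionTokenIssuer and its Issue method are hypothetical; the code assumes a .NET 4.5 web application that references System.IdentityModel and System.IdentityModel.Services and has the SessionAuthenticationModule registered.

```csharp
using System;
using System.IdentityModel.Services;
using System.IdentityModel.Tokens;
using System.Security.Claims;

// Hypothetical helper, not code from the question.
public static class SessionTokenIssuer
{
    // Issues a session token for the principal and writes it to the cookie.
    // lifetime == null leaves validTo null, so the expiry is validFrom plus
    // SessionSecurityTokenHandler.DefaultTokenLifetime.
    public static SessionSecurityToken Issue(ClaimsPrincipal principal,
                                             TimeSpan? lifetime = null)
    {
        if (principal == null)
            throw new ArgumentNullException("principal");

        // Reject a zero or negative lifetime here, before it reaches the
        // token constructor as an already-expired validity window.
        if (lifetime.HasValue && lifetime.Value <= TimeSpan.Zero)
            throw new ArgumentOutOfRangeException("lifetime");

        // UTC, as the answer suggests, instead of DateTime.Now (local time).
        DateTime validFrom = DateTime.UtcNow;
        DateTime? validTo = lifetime.HasValue
            ? validFrom.Add(lifetime.Value)
            : (DateTime?)null;

        // Constructor overload that accepts nullable validFrom/validTo;
        // the context string is not used here.
        var token = new SessionSecurityToken(principal, null, validFrom, validTo)
        {
            // Session cookie only: it is not kept after the browser closes.
            IsPersistent = false
        };

        FederatedAuthentication.SessionAuthenticationModule
            .WriteSessionTokenToCookie(token);
        return token;
    }
}
```

Calling `SessionTokenIssuer.Issue(principal, TimeSpan.FromMinutes(20))` gives the 20-minute window from the question; calling it without a lifetime uses the handler default.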