.net 4.5 - What is an appropriate strategy for refreshing claims in a passive scenario? -

-

i have .net 4.5 claims-aware application hosted in windows azure. there web role hosts mvc site , worker role runs jobs in background. users can choose remain permanently logged in.

here code claimsauthenticationmanager:

public claimsprincipal login(string username, bool rememberme = false) {     claimsprincipal principal = authenticate(null, principalfactory.createformsprincipal(username));     setsessioncookie(principal, rememberme ? timespan.maxvalue : timespan.fromdays(1));     return principal; }  public override claimsprincipal authenticate(string resourcename, claimsprincipal incomingprincipal) {     if (!incomingprincipal.identity.isauthenticated)     {         return base.authenticate(resourcename, incomingprincipal);     }      return principalfactory.create(incomingprincipal.identity.name, incomingprincipal.identity.authenticationtype); }  private static void setsessioncookie(claimsprincipal principal, timespan lifetime) {     var sessionsecuritytoken = new sessionsecuritytoken(principal, lifetime)         {             isreferencemode = true         };     federatedauthentication.sessionauthenticationmodule.writesessiontokentocookie(sessionsecuritytoken); }

in simple refresh case user performs action (e.g., purchases/cancels subscription) on site, can done by:

  1. issuing new token , re-writing cookie or
  2. logging user out (deleting cookie) , having them re-authenticate

what need guidance on how/when refresh user's claims when change result of non-user-originated event.

imagine following scenarios:

  1. a user specifices "remember me" , logs in successfully. has cookie never expires. purchases subscription via site. claims refreshed via option #1 above. 1 month later, subscription lapses because chose not renew. cookie still valid , claims associated subscription still active.

  2. a new user creates account , logs in specifying "remember me". has cookie never expires includes claim granting free 1 week trial of special functionality. 1 week later, background job (executing via worker role) removes record of free trial in underlying data store. however, user's cookie still has free trial claim.

in both scenarios, if user logged out , in on own, problem solve itself. but, if user takes no specific action log out, cookie contains invalid claims.

how handle cases these?

as i've been composing question, occurred me logical thing set cookie's expiration date intended lifetime of shortest-lived claim in claims collection.

is there better or different strategy?

any guidance appreciated.

thanks.

for reference, have read following posts on related topics:

  1. how update claim when using session authentication module (sam)
  2. updating claims adfs , wif
  3. http://social.msdn.microsoft.com/forums/en-us/geneva/thread/bc1d21df-837e-4686-84cd-f918d26720a2
  4. http://social.msdn.microsoft.com/forums/en-us/geneva/thread/70edda22-c006-4868-8483-60067cc500b1


Comments

Post a Comment

Popular posts from this blog

Hatching array of circles in AutoCAD using c# -

-
i beginner in autocad plugins .i have created array of circle using following code. now, have hatch circles in array .how that??how hatch circles @ once? moreover, how can return hatch method , use hatch objects.sorry language.thanks in advance. [assembly: commandclass(typeof(beamsection.class1))] namespace beamsection { public class class1 { //class1 obj = new class1(); [commandmethod("beamatsupport")] public void addlightweightpolyline() { // current document , database document acdoc = application.documentmanager.mdiactivedocument; database accurdb = acdoc.database; promptpointresult ppr = acdoc.editor.getpoint("\nselect starting point "); var ucs = acdoc.editor.currentusercoordinatesystem; point3d startingpt = ppr.value.transformby(ucs); list<double> radius = new list<double>(); radius.add(0.5);
Read more

ios - UITEXTFIELD InputView Uipicker not working in swift -

-
hello trying pop uipickerview view programmatically when user clicks on textfield. have tried doesn't doing anything. isn't working. nothing happening when click textfield class userprofiletableviewcontroller: uitableviewcontroller,uitextfielddelegate,uipickerviewdelegate,uipickerviewdatasource { var itempicker: uipickerview! = uipickerview() @iboutlet weak var gendertxtfield: uitextfield! var gender = ["male","female"] override func viewdidload() { super.viewdidload() gendertxtfield.delegate = self itempicker!.delegate = self itempicker!.datasource = self itempicker!.backgroundcolor = uicolor.blackcolor() self.gendertxtfield.inputview = itempicker } func numberofcomponentsinpickerview(pickerview: uipickerview) -> int{ return 1 } // returns # of rows in each component.. func pickerview(pickerview: uipickerview, numberofrowsincomponent component:
Read more

Python Pig Latin Translator -

-
so have been working on @ codecademy.com while trying learn python. don't know if blind , can't see why won't work or what. here's code won't let me use. function print variable if had typed in , print "empty" if didn't type anything. print "welcome english pig latin translator!" original = raw_input("what's name?") if len(original) > 0 print original else print "empty" if len(original) > 0 else the above lines contains syntax errors. try: if len(original) > 0: else: note added colons, ( : ).
Read more