Session cookie: unable to read the MachineKeySessionSecurityTokenHandler SessionSecurityToken in an ASP.NET MVC app


In our project setup we don't have an identity provider; instead, we use one of the cookie values set by our internal system authentication and transform those values into a claims identity.

Once the claims identity is created, I am planning to write the identity into a session cookie of the application, using SessionAuthenticationModule and MachineKeySessionSecurityTokenHandler as below.

    SessionSecurityToken token = new SessionSecurityToken(principal);
    var handler = new MachineKeySessionSecurityTokenHandler(new TimeSpan(3, 30, 30));
    var securityToken = handler.WriteToken(token);
    SessionAuthenticationModule sam = new SessionAuthenticationModule();
    sam.CookieHandler.RequireSsl = false; // required for localhost to work
    sam.CookieHandler.Write(securityToken, "token", DateTime.Today.AddDays(1));

However, when reading the cookie back with this setup, I am unable to parse the SessionSecurityToken or the claims identity. Any help on how to read the cookie and transform it into claims would be of great help.

I used the following code snippet for reading the cookie back, and I am getting an error at the handler.ReadToken method saying "ID4008: 'SecurityTokenHandler' does not provide an implementation for 'ReadToken'."

    // Check if the cgx session cookie is available
    SessionAuthenticationModule sam = new SessionAuthenticationModule();
    sam.CookieHandler.Name = "token";
    sam.CookieHandler.RequireSsl = false;
    var securityToken = sam.CookieHandler.Read(filterContext?.HttpContext.ApplicationInstance.Context);

    if (securityToken != null)
    {
        var handler = new MachineKeySessionSecurityTokenHandler(new TimeSpan(3, 30, 30));
        var tokenString = Convert.ToBase64String(securityToken);
        // This is the call that fails with ID4008
        var token = handler.ReadToken(tokenString) as SessionSecurityToken;
        if (token != null) sam.AuthenticateSessionSecurityToken(token, true);
    }

What is the right approach to read and validate the cookie value set by the application? As stated, the MVC application is responsible for creating the cookie and validating it on subsequent requests.

Finally, I've found the solution to get the claims identity working in this scenario.

This is how to configure WIF 4.5 with a mix of custom or forms authentication, without having to set up identity providers (STS), so that the ASP.NET MVC application acts as the RP, sets up authentication and utilizes it on subsequent requests in a web farm scenario.

I would add this answer so that anyone in similar need can utilize it. Before going to the code part, I'll add the configurations that are critical in achieving the expected results.

Add the following configs in web.config.

This sets up the identity-related configuration sections to use:

    <configSections>
      <!-- WIF 4.5 sections -->
      <section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
      <section name="system.identityModel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
    </configSections>

The ones below define the security token handler and the cookie handler:

    <system.identityModel>
      <identityConfiguration>
        <securityTokenHandlers>
          <remove type="System.IdentityModel.Tokens.SessionSecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
          <add type="System.IdentityModel.Services.Tokens.MachineKeySessionSecurityTokenHandler, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
        </securityTokenHandlers>
      </identityConfiguration>
    </system.identityModel>

    <system.identityModel.services>
      <federationConfiguration>
        <cookieHandler name="yourTokenName" mode="Default" requireSsl="false">
          <chunkedCookieHandler chunkSize="3000"/>
        </cookieHandler>
      </federationConfiguration>
    </system.identityModel.services>

Add the following configs to set the machine key used by MachineKeySessionSecurityTokenHandler in a web farm scenario, and include SessionAuthenticationModule in the system.web section to make it work on localhost with IIS Express in VS2015 at the time of writing this answer.

    <system.web>
      <machineKey decryptionKey="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" validationKey="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" />
      <httpModules>
        <add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
      </httpModules>
    </system.web>

The following configs are for IIS 7.0 or above on web farm servers:

    <system.webServer>
      <modules runAllManagedModulesForAllRequests="true">
        <add name="WSFederationAuthenticationModule" type="System.IdentityModel.Services.WSFederationAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
        <add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
      </modules>
    </system.webServer>

Once the configs are set up, it's simple to access and set up the claims identity, claims principal, authentication, security token and cookie, as follows.

If you use the anti-forgery token with CORS in the web application, you need to define UniqueClaimTypeIdentifier to tell the anti-forgery token generator which claim to use as the unique identifier as part of the machine key encryption; otherwise anti-forgery won't work with a claims identity.

In Global.asax:

    // Set the unique identifier for the anti-forgery token generator
    AntiForgeryConfig.UniqueClaimTypeIdentifier = ClaimTypes.NameIdentifier;

Place the snippet below in the login method or the code path that kick-starts authentication:

    // Step 1: set up the identity
    var appClaims = new List<Claim>
    {
        new Claim(ClaimTypes.Name, "your name claim"),
        new Claim("userid", "user id claim"),
        new Claim(ClaimTypes.NameIdentifier, "name identifier claim is a must"),
    };
    ClaimsIdentity identity = new ClaimsIdentity(appClaims, "name of identity");

    // Step 2: set up the principal
    ClaimsPrincipal principal = new ClaimsPrincipal(identity);

    // Step 3: the code path below sets the claims principal using SessionAuthenticationModule,
    // authenticates the principal, sets it on HttpContext and the current thread, and writes the cookie to the browser.
    var authedCP = FederatedAuthentication.FederationConfiguration.IdentityConfiguration.ClaimsAuthenticationManager.Authenticate("name", principal);
    var token = FederatedAuthentication.SessionAuthenticationModule.CreateSessionSecurityToken(authedCP, "issuer name", DateTime.UtcNow, DateTime.UtcNow.AddHours(1), false);
    // In debug mode on localhost this makes the cookie get written over local http; for https set it to true
    FederatedAuthentication.SessionAuthenticationModule.CookieHandler.RequireSsl = false;
    FederatedAuthentication.SessionAuthenticationModule.AuthenticateSessionSecurityToken(token, true);

After placing that snippet, you need to validate whether the cookie contains the claims details and authenticate again on subsequent requests (in an action filter maybe):

    // Check if the session cookie is available
    SessionAuthenticationModule sam = FederatedAuthentication.SessionAuthenticationModule;
    sam.CookieHandler.Name = "token name";
    sam.CookieHandler.RequireSsl = false; // for localhost; for https set it to true
    var securityToken = sam.CookieHandler.Read(filterContext?.HttpContext.ApplicationInstance.Context);

    if (securityToken != null)
    {
        SessionSecurityToken sessionToken = null;
        var readStatus = sam.TryReadSessionTokenFromCookie(out sessionToken);
        if (readStatus && sessionToken != null)
        {
            sam.AuthenticateSessionSecurityToken(sessionToken, true);
        }
    }

Now you have the claims principal and claims identity set up on the HttpContext and the thread from the cookie stored on subsequent requests. You can access it anytime within the request pipeline, but watch out for the cookie size when you add more claims to the identity.

I thank Sander for the blog post https://itq.nl/mixing-forms-authentication-with-claims-based-authorisation-in-asp-net/ which helped me set up the later pieces of accessing the tokens.
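As an added example that is not part of the original answer, the subsequent-request check above packaged as an MVC action filter that also rejects an expired token and removes a cookie the configured machine key can no longer decode; the attribute name and the use of a 401 result to trigger the login redirect are assumptions.

```csharp
using System;
using System.IdentityModel.Services;
using System.IdentityModel.Tokens;
using System.Security.Cryptography;
using System.Web.Mvc;

// Hypothetical attribute name; apply it to controllers that require the session cookie.
public class SessionCookieAuthenticationAttribute : ActionFilterAttribute
{
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        // Already authenticated earlier in the pipeline: nothing to do.
        if (filterContext.HttpContext.User?.Identity?.IsAuthenticated == true)
            return;

        // Cookie name and RequireSsl come from <cookieHandler> in web.config.
        SessionAuthenticationModule sam = FederatedAuthentication.SessionAuthenticationModule;
        SessionSecurityToken sessionToken = null;
        try
        {
            if (!sam.TryReadSessionTokenFromCookie(out sessionToken) || sessionToken == null)
            {
                Reject(filterContext); // no cookie, or not one this application wrote
                return;
            }
        }
        catch (Exception ex) when (ex is SecurityTokenException || ex is CryptographicException)
        {
            // The cookie cannot be validated with the current machine key (rotated key,
            // or a farm node configured with a different key): drop it and re-authenticate.
            sam.DeleteSessionTokenCookie();
            Reject(filterContext);
            return;
        }

        // ValidTo was set from the lifetime passed to CreateSessionSecurityToken at login.
        if (sessionToken.ValidTo < DateTime.UtcNow)
        {
            sam.DeleteSessionTokenCookie();
            Reject(filterContext);
            return;
        }

        // Sets HttpContext.User and Thread.CurrentPrincipal; 'true' rewrites the cookie.
        sam.AuthenticateSessionSecurityToken(sessionToken, true);
    }

    private static void Reject(ActionExecutingContext filterContext)
    {
        filterContext.Result = new HttpUnauthorizedResult(); // forms auth redirects to login
    }
}
```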

