How to detect if WSFederation session has expired or ended?

Question

0.00/5 (No votes)

See more:

I have a several methods in controller:

C#

public ActionResult Issue()
{
    var message = WSFederationMessage.CreateFromUri(HttpContext.Request.Url);

    // sign in
    var signinMessage = message as SignInRequestMessage;
    if (signinMessage != null)
    {
        return ProcessWSFederationSignIn(signinMessage, ClaimsPrincipal.Current);
    }

    // sign out
    var signoutMessage = message as SignOutRequestMessage;
    if (signoutMessage != null)
    {
        return ProcessWSFederationSignOut(signoutMessage);
    }

    return View("Error");
}

And the most valuable for me in this question:

C#

private ActionResult ProcessWSFederationSignOut(SignOutRequestMessage message)
{
    FederatedAuthentication.SessionAuthenticationModule.SignOut();

    var mgr = new SignInSessionsManager(HttpContext, _cookieName);

    // check for return url
    if (!string.IsNullOrWhiteSpace(message.Reply) && mgr.ContainsUrl(message.Reply))
    {
        ViewBag.ReturnUrl = message.Reply;
    }

    return View("Signout");
}

All works fine, but, there are interesting moment. This thing works in both cases, if I ended session by myself, or session simply expired. Its fine but actually, I need to tell the difference between those cases, write in ViewBag something like "You are singed out" or "Session expired" depends on result and show it oy the View.

Is there are some kind of way to detect session expired situations or should it be something different?

P.S Sorry for my bad English.

Posted 9-Nov-14 19:36pm

Member 10503105

Add a Solution

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Kornfeld Eliyahu Peter · Answer 1 · 2014-11-09T19:57:00

Solution 1

When looking on a session after it has been terminated, it is impossible to tell how it's done...
The best thing is using some variable on your own session or some cookie that you initialize whenever you start a session with that web-server...When you are executing the logout, to end the session, clear that variable...If session ended without you login the varaible will be there and you can inform end user about time-out...

Posted 9-Nov-14 19:57pm

Kornfeld Eliyahu Peter

Comments

Member 10503105 10-Nov-14 2:11am

Em, does I understand you correct... to tell when session is expired or not, I need to use normal session? I know that I should do something before I am getting to .SignOut() but to use another session to describe another one sounds just... wrong to me.

Kornfeld Eliyahu Peter 10-Nov-14 2:19am

As I see this code is part of a web application - so you already have an IIS session, want it or not...
Now you are opening an other session to talk to WSFederation and want to see it that session ended by timeout or logout...
For that you have to set up a flag that independent from the WSFederation's session, but part of your application...You have a few choices - DB, IIS session, cookie...

Member 10503105 10-Nov-14 2:43am

So, WSFederation doesn't have anything inside itself to somehow check it?

Kornfeld Eliyahu Peter 10-Nov-14 2:47am

You are connected to WSFederation via session created upon login - how do you expect to check that session after it finished?!