Switching to WIF SessionMode in ASP.NET

To make it short: to switch to SessionMode (cache to server) in ASP.NET, you need to handle an event and set a property. Sounds easy – but you need to set it in the right place.

The most popular blog post about this topic is from Vittorio. He advises setting IsSessionMode in the WSFederationAuthenticationModule_SessionSecurityTokenCreated event handler.

Now there were some open questions on the forum, like this one. So I decided to try it myself – and indeed it didn’t work for me either. So I dug a little deeper, and after some trial and error I found the right place (in global.asax):

    void WSFederationAuthenticationModule_SecurityTokenValidated(
        object sender, SecurityTokenValidatedEventArgs e)
    {
        // Cache the session token on the server; the cookie then only carries a reference to it.
        FederatedAuthentication.SessionAuthenticationModule.IsSessionMode = true;
    }

Not sure if anything has changed since Vittorio’s post – but this worked for me.

While playing around, I also wrote a little diagnostics tool that allows you to look into the session cookie (for educational purposes). Will post that soon.



5 Responses to Switching to WIF SessionMode in ASP.NET

  1. Hi,

    I moved my application to .NET Framework 4.5 and it looks like this property is not included in the new version of WIF. So far, my application didn’t experience any problems.

    Not sure if this issue is fixed in the new version…

    Do you know?

    • It works differently in 4.5 – and what issue do you mean?

      • WIF 1.0 when used with Azure ACS creates large cookies… Safari and Opera browsers don’t support large cookies so they are truncated. As a result of that, the application crashes.

        This issue is avoided using Session Mode. When Federated Authentication is used in session mode, the data itself is stored on the server and only an identifier is stored on the client cookie.

        But it has been changed in the new version of WIF 4.5.

        Do you know how to set the session mode in WIF 4.5?

  2. Pingback: Switching to ReferenceMode in ASP.NET 4.5 | www.leastprivilege.com
