Monthly Archives: July 2012

MachineKey based Session Protection for WIF

When using the session facility in WIF (e.g. in ASP.NET with the SessionAuthenticationModule), the session token must be protected somehow. By default WIF uses the Windows built-in DPAPI mechanism. While DPAPI is easy to use in single-server scenarios it has … Continue reading

Posted in ASP.NET, IdentityModel | 36 Comments