I have a working web app with passive login, custom STS with ASP.NET forms authentication, and relying party services being called by the web app using delegation to act as the signed in user. Basing code off of the Geneva Framework samples, I have all of this working.
Now a question: Is there any way to enable sliding expiration of the passive login at the web app? I don't mean sliding expiration of the forms authentication at the STS, but at the actual relying party web app. It seems that if the token lifetime is 15 minutes, then 15 minutes after logging in the user is redirected back to the STS regardless of their activity (that is, not 15 minutes after they last accessed a page). This is a problem because a user who is active and hitting a new page frequently will still lose any postback data every 15 minutes.
Is there a built-in way to enable sliding expiration? Is there a way for the relying party web app to make a service call to the STS to extend the life of the token (I see by reflecting that the Renew method on Geneva's base SecurityTokenService class just throws an Exception though)? I do also see by reflection that the default token lifetime is 10 hours, which is longer than a user will be actively using a web app anyway, but it seems like there should be a better way around this issue.
Any insight would be greatly appreciated.
Andy