What cookie does a .NET ADFS claims-aware web application return to the client browser on receipt of a valid token?

StackOverflow https://stackoverflow.com/questions/19052876

29-06-2022

When a client browser first provides a valid SAML token to the web application (by POST), the application processes the token and returns an authentication cookie.

Is this cookie the standard ASPXAUTH cookie that would be returned from forms authentication, or does it represent/contain the SAML token?

If it's the latter, then is there a configuration in the standard ADFS setup for .NET web applications on IIS to allow switching to ASPXAUTH once the initial token is validated?

Would there be disadvantages to doing this?


Solution

As part of the login process, once the token has been received and accepted, the WSFederationAuthenticationModule calls the SessionAuthenticationModule's WriteSessionTokenToCookie method:

public void WriteSessionTokenToCookie(SessionSecurityToken sessionToken)
{
    // Error checking omitted

    // The SessionSecurityTokenHandler registered for SessionSecurityToken in the
    // application's identity configuration serializes and protects the token
    // (by default with DPAPI-based cookie transforms).
    SessionSecurityTokenHandler handler = this.FederationConfiguration.IdentityConfiguration
        .SecurityTokenHandlers[typeof(SessionSecurityToken)] as SessionSecurityTokenHandler;
    byte[] buffer = handler.WriteToken(sessionToken);

    // Cache the token server-side, keyed by cookie path, context id and key generation,
    // and let it expire at ValidTo plus the configured clock skew.
    SessionSecurityTokenCacheKey key = new SessionSecurityTokenCacheKey(this.CookieHandler.Path, sessionToken.ContextId, sessionToken.KeyGeneration);
    DateTime expiryTime = DateTimeUtil.Add(sessionToken.ValidTo, base.FederationConfiguration.IdentityConfiguration.MaxClockSkew);
    handler.Configuration.Caches.SessionSecurityTokenCache.AddOrUpdate(key, sessionToken, expiryTime);

    // Hand the protected bytes to the cookie handler, which writes them out as the session cookie(s).
    this.CookieHandler.Write(buffer, sessionToken.IsPersistent, sessionToken.ValidTo);
}

As you can see, this writes some form of the token, suitably serialized, as cookie(s). Exactly what is included in this depends on some options - for instance, SaveBootstrapContext may affect exactly what is stored. If this option is turned on then, yes, I believe the SAML token is stored in the cookie.

So, what cookie is stored? That depends on what this.CookieHandler is doing. By default, this is the ChunkedCookieHandler which ultimately (again, by default) will split the binary blob that the above method call passes it into multiple smaller blobs, and store those in a series of cookies of the form FedAuth1, FedAuth2, etc.

is there a configuration in the standard ADFS setup for .NET web applications on the IIS to allow switching to ASPXAUTH once the initial token is validated

Not so far as I'm aware.
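The following Global.asax.cs is an added example, not code from the answer above or from the WIF/ADFS libraries. It shows where the two knobs the answer mentions live in a .NET 4.5 claims-aware application (SaveBootstrapContext on the IdentityConfiguration, and the ChunkedCookieHandler that produces the FedAuth cookies), hardens the cookie flags, caps the session lifetime, and adds a helper a page can call to check whether the original SAML token was carried in the session cookie. The one-hour lifetime, the module name "SessionAuthenticationModule" used for the event wiring, and the SessionCarriesSamlToken helper are assumptions for illustration.

```csharp
// Global.asax.cs of an ASP.NET 4.5 claims-aware application (System.IdentityModel.Services).
// Added example for this page; not the answer's code and not library code.
using System;
using System.IdentityModel.Services;
using System.IdentityModel.Services.Configuration;
using System.IdentityModel.Tokens;
using System.Linq;
using System.Security.Claims;
using System.Web;

public class Global : HttpApplication
{
    protected void Application_Start(object sender, EventArgs e)
    {
        // Raised once, after the FederationConfiguration has been built from web.config.
        FederatedAuthentication.FederationConfigurationCreated += OnFederationConfigurationCreated;
    }

    private static void OnFederationConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e)
    {
        FederationConfiguration config = e.FederationConfiguration;

        // true  -> the incoming SAML token is kept as the identity's BootstrapContext and is
        //          serialized into the session token, i.e. into the FedAuth* cookies (much larger cookies).
        // false -> only the claims and session metadata go into the cookies.
        config.IdentityConfiguration.SaveBootstrapContext = false;

        // By default this is a ChunkedCookieHandler: the protected session-token bytes are split
        // across cookies named FedAuth, FedAuth1, FedAuth2, ... of at most ChunkSize bytes each.
        CookieHandler cookies = config.CookieHandler;
        cookies.RequireSsl = true;      // Secure flag: never send the session cookie over plain HTTP
        cookies.HideFromScript = true;  // HttpOnly flag: keep it out of document.cookie

        var chunked = cookies as ChunkedCookieHandler;
        if (chunked != null)
        {
            chunked.ChunkSize = 2000;   // the default; lower it if an intermediary truncates large cookies
        }
    }

    // Wired by name by ASP.NET: <module name in web.config>_<event name>. Runs after a valid token
    // has been accepted and before WriteSessionTokenToCookie is called.
    protected void SessionAuthenticationModule_SessionSecurityTokenCreated(object sender, SessionSecurityTokenCreatedEventArgs e)
    {
        // Assumed policy: cap the session at one hour regardless of the lifetime asserted in the
        // SAML token, and keep it a non-persistent (browser-session) cookie.
        e.SessionToken = new SessionSecurityToken(e.SessionToken.ClaimsPrincipal, TimeSpan.FromHours(1))
        {
            IsPersistent = false
        };
        e.WriteSessionCookie = true;
    }

    // Hypothetical helper: true when the original SAML token travelled inside the session cookie.
    // BootstrapContext is only populated when SaveBootstrapContext was true at sign-in.
    public static bool SessionCarriesSamlToken()
    {
        ClaimsIdentity identity = ClaimsPrincipal.Current.Identities.FirstOrDefault();
        return identity != null && identity.BootstrapContext is BootstrapContext;
    }
}
```

The same settings can be made declaratively: saveBootstrapContext="false" on the identityConfiguration element under system.identityModel, and requireSsl="true" hideFromScript="true" on the cookieHandler element under system.identityModel.services/federationConfiguration. Two caveats worth checking in any deployment: the FedAuth cookies are protected with DPAPI by default, which only round-trips on the machine that wrote them, so a web farm needs the MachineKeySessionSecurityTokenHandler (or another shared-key transform) configured instead; and with SaveBootstrapContext enabled the full SAML token is sent back on every request, so the cookies grow with the number and size of claims and can exceed what proxies or browsers accept.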

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow