How do i set Session Token Lifetime programmatically in .NET 4 - wif

Able to configure session token lifetime in web.config like below.
<add type="Microsoft.IdentityModel.Tokens.SessionSecurityTokenHandler, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
<sessionTokenRequirement lifetime="00:45:00"></sessionTokenRequirement>
</add>
</securityTokenHandlers>
But I couldn't figured out how to configure through programmatically in .net 4.0.
I really appreciate any help you can provide.

I dont know how to configure session token lifetime but you can
Set DefaultTokenLifetime of STS configuration
Implement GetTokenLifetime method of SecurityTokenService class

Brock Allen wrote about a way to do that for .NET 4.5 at:
http://brockallen.com/2013/02/14/configuring-session-token-lifetime-in-wif-with-the-session-authentication-module-sam-and-thinktecture-identitymodel/
Since their library is open source, learning from it and writing a similar method for .NET 4.0 should be doable.

Related

How to share models between different MVC websites?

I have 2 seperate areas for my ASP.NET MVC 3 website - Admin (Intranet website) and Client (Internet website).
The Model (business and data access layer) will be used by both websites. The websites will be hosted on seperate servers. So, the folder will not be shared.
So, I am planning to create the DLL of the Model and put the DLL in the Bin Folder of both website and use it.
I hope this will keep my UI neat and less code as well.
Now, my doubts are:
Do I need to create a Class Library project to create the DLL of the Model or do I need to use and MVC web application project to create the DLL?
Where should I put the web config? Hope I need in both Model and also in UI?
Do I need to create a Class Library project to create the DLL of the Model
Yes, a separate class library shared between the 2 web applications is the best approach.
Do I need to use and MVC web application project to create the DLL (looking for the best approach)?
No, the ASP.NET MVC could contain only the views. Do not reference and reuse a web application for common logic in other applications.
Where should I put the web config?
Each ASP.NET MVC web application should have its own web.config.
Yes, your abstracted business logic should be in a separate class library project. You can then reference this project from web apps in the same solution or compile it and reference it as a DLL. Your web.config file(s) will still live in your web project(s).
To add settings for your class library in your web project, use configuration sections:
<configSections>
<sectionGroup name="applicationSettings" type="System.Configuration.ApplicationSettingsGroup, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<section name="My.Class.Library.Properties.Settings" type="System.Configuration.ClientSettingsSection, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />
</sectionGroup>
</configSections>
<applicationSettings>
<My.Class.Library.Properties.Settings>
<setting name="SettingName" serializeAs="String">
<value>SettingValue</value>
</setting>
</My.Class.Library.Properties.Settings>
</applicationSettings>

Is there a way to add an httpModule when webApi is running with the HttpSelfHostServer?

I have a MVC4 webapi controller. It has no parameter-less constructors. So, i use Windsor dependency resolver and everything is fine when work under System.Web.Http.WebHost. But, when I try to use HttpSelfHostServer, i get the exception message:
Looks like you forgot to register the http module Castle.MicroKernel.Lifestyle.PerWebRequestLifestyleModule
To fix this add
<add name="PerRequestLifestyle" type="Castle.MicroKernel.Lifestyle.PerWebRequestLifestyleModule, Castle.Windsor" />
to the <httpModules> section on your web.config.
If you plan running on IIS in Integrated Pipeline mode, you also need to add the module to the <modules> section under <system.webServer>.
Alternatively make sure you have Microsoft.Web.Infrastructure, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 assembly in your GAC (it is installed by ASP.NET MVC3 or WebMatrix) and Windsor will be able to register the module automatically without having to add anything to the config file.
Obviously, the windsor di cannot register his HttpModule. I've tried to add
<system.web>
<httpModules>
<add name="PerRequestLifestyle" type="Castle.MicroKernel.Lifestyle.PerWebRequestLifestyleModule, Castle.Windsor" />
</httpModules>
</system.web>
in my app.config, no luck. Tried the WebActivator to use PreApplicationStart method with no luck as well. Is there any way to add a httpModule for self-hosted webapi app?
HttpModules cannot be used when self-hosting. They are ASP.NET specific features.

ACS installed but MVC 4.0 app still redirects and fails to find login.aspx

First post here on stackoverflow but I love the site!...
I've successfully created a fully functioning Azure hybrid model application using MVC 4. Published and works great. Now I want to add ACS for auth to my site. I've followed all the steps but when I run the app in simulation it fails to re-direct to ACS and offers up the page stating that it couldn't find login.aspx.
I have created a simple website solution just to prove that my ACS is setup correctly and it works just fine. I noticed that the web.config files of the two solutions were wildly different.
Anyone tried to do this yet? Any help would be appreciated.
--------- Solution -----------
I finally got everything to work. The key was to remove the WebMatrix.WebData references since I didn't need to do my own auth. The following came from MVC4 Release notes.
When WebMatrix.WebData.dll is included in in the /bin directory of an ASP.NET MVC 4 apps, it takes over the URL for forms authentication. Adding the WebMatrix.WebData.dll assembly to your application (for example, by selecting "ASP.NET Web Pages with Razor Syntax" when using the Add Deployable Dependencies dialog) will override the authentication login redirect to /account/logon rather than /account/login as expected by the default ASP.NET MVC Account Controller.
Open your web.config file.
Locate the Authentication node.
Change it from:
<authentication mode="Forms" />
To:
<authentication mode="None" />
Comment here, if it doesn't help, and what is the result after changes to web.config.
As a side question - how did you add reference to the ACS namespace - via "right click -> Add STS Reference", or manually changed the web.config ?
Make sure that the required Modules are registered with the web server:
<system.webServer>
<modules runAllManagedModulesForAllRequests="true">
<add name="ClaimsPrincipalHttpModule" type="Microsoft.IdentityModel.Web.ClaimsPrincipalHttpModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" preCondition="managedHandler" />
<add name="WSFederationAuthenticationModule" type="Microsoft.IdentityModel.Web.WSFederationAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" preCondition="managedHandler" />
<add name="SessionAuthenticationModule" type="Microsoft.IdentityModel.Web.SessionAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" preCondition="managedHandler" />
</modules>
...
</system.webServer>
Also make sure that you have microsoft.identityModel section, and you have federatedAuthentcation node within it:
<federatedAuthentication>
<wsFederation passiveRedirectEnabled="true" issuer="https://[your_namespace].accesscontrol.windows.net/v2/wsfederation"
realm="http://127.0.0.1:81/" requireHttps="false" />
<cookieHandler requireSsl="false" />
</federatedAuthentication>
Where "realm" shall be valid URL for Realying Party Application. And requireHttps="false" is to simplify development process.
When you debug it locally, make sure you are running the Cloud project (which uses IIS), and not the Web Project (which will use Cassini / webdevserver, which does not understand the system.webServer section!)

Is there a way to remove assemblies and namespaces declaration in asp.net mvc web.config file?

i'm trying to make an empty asp.net mvc 3 application with razor engine(as much empty as possible)
The one that VS2010 creates doesn't suit me, because there's too much mess in web.config files(+ plenty of scripts and styles and packages etc)
Is there an elegant way to hide this all mess somewhere else(but not in machine.config) and to deal with nice empty web.config file(at least at site root)?
And if not, maybe someone can give me some links about what all this autogenerated configurations mean(like dependentAssembly definition) and why they are needed.
Thank you, lets keep our code clean=)
You could use the Empty template when creating the ASP.NET MVC application and then have the following minimal web.config to successfully render a Razor view:
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.0">
<assemblies>
<add assembly="System.Web.Mvc, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Web.WebPages, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
</assemblies>
</compilation>
</system.web>
</configuration>
Also what you call mess in the web.config is simply a requirement if you want to use some functionalities such as forms authentication for example. But you could add the corresponding sections progressively according to your needs. I agree that there is plenty of useless crap in the default web.config generated by Visual Studio.
You can start with an empty ASP.net MVC 3 project. This one has the minimal amount of starting code/files for an MVC site. You can follow the below tutorial to get started on creating a MVC site from the empty ASP.net MVC 3 project:
http://www.asp.net/mvc/tutorials/mvc-music-store-part-1

Dot character in ASP.NET MVC 3 route parameters

I have no custom routes in my application, only the default one. If i try to open localhost/myapp/controller/action/bla.bla it works fine on my machine (Windows 7 x32, both Cassini and IIS) but fails on the server (2008 R2 x64). Found similar question but the solution doesn't work. Also, found this article where Eilon says it's a special character for MVC and it's "by design". Why there is difference between my machine and the production box and how do i fix it?
Update: the problem site has ExtensionlessUrl-ISAPI-4.0_64bit and ExtensionlessUrl-Integrated-4.0 enabled and mapped to "*.". There are no any managed handlers in web.config. The patch mentioned by Dmitry "is not applicable to your computer", probabaly because it's already installed with SP1. I can confirm that 404 is reported back by ASP.NET MVC, not IIS because i can see the request in Application_PreSendRequestHeaders. Moreover, if i attach a descendant of MvcRouteHandler with overloaded GetHttpHandler() that logs all RouteData it shows that "id" is correctly mapped to "bla.bla". Any ideas?
Is the application using any managed handlers that are mapped to the "*." extension? If so, check out this link:
http://support.microsoft.com/kb/980368
This work for me:
<system.webServer>
<handlers>
<add name="UrlRoutingHandler"
type="System.Web.Routing.UrlRoutingHandler,
System.Web, Version=4.0.0.0,
Culture=neutral,
PublicKeyToken=b03f5f7f11d50a3a"
path="/Users/*"
verb="GET"/>
</handlers>
</system.webServer>
Can you find what errors(exceptions) if any are you getting by seeing all first chance exceptions. This will show you how can find all the first chance exceptions your application is throwing.
There is an new update available for Win2k8r2sp1, have a look at
http://www.shanmcarthur.net/Default.aspx?DN=7d0cd525-bbc5-46c3-8096-95f93827aeea
Please provide more detail, like what were the expected result, what errors do you get. Which solutions have you tried so far? Have you tried the configuration solution?
<httpRuntime relaxedUrlToFileSystemMapping="true" />
As to, "Why there is a difference between my machine and the production box"... Well my friend, that is a question only you can answer.
All the latest Windows updates (after SP1) seem to solve the issue.

Resources