thinktecture-ident-serverthinktecture-ident-modelidentityserver3

Server sessions (IsReference mode) for Thinktecture Id.Srv. 3


With ref. to brockallen.com/2013/02/21/server-side-session-token-caching-in-wif-and-thinktecture-identitymodel

I want to use server side sessions with Id.Srv. 3 and have created an implementation of ITokenCacheRepository using a Redis Cache as the session store.

Apart from the implementation, I have added the following code in Global.asax of the Id.Srv. project:

    protected void Application_Start(object sender, EventArgs e)
    {
        PassiveSessionConfiguration.ConfigureSessionCache(new SessionManagerCache(sessionManager));
    }

    public override void Init()
    {
        PassiveModuleConfiguration.CacheSessionsOnServer();
    }

where SessionManagerCache is the ITokenCacheRepository implementation and sessionManager is a Redis Cache used inside that.

I also have these configSections in web.Config -

<section name="system.identityModel" ...
<section name="system.identityModel.services" ...

and also the system.identityModel section -

<system.identityModel>
<identityConfiguration>
    <claimsAuthorizationManager type="Identity.TestServer.AuthorizationManager, Identity.TestServer" />
</identityConfiguration>
</system.identityModel>

where AuthorizationManager is a ClaimsAuthorizationManager derivation.

Upon running, from within CacheSessionsOnServer(), this exception is being thrown -

throw new ArgumentException("SessionAuthenticationModule is null");

I have checked the value of FederatedAuthentication.SessionAuthenticationModule in Init() and this is always null.

This comment says Id.Srv. uses SAM to track user login sessions -

https://github.com/IdentityModel/Thinktecture.IdentityModel.45/issues/118#issuecomment-24202385

However, upon checking Id.Srv. code, this is true for Id.Srv. 2.

In Id.Srv. 3, cookie auth. seems to have been used - https://github.com/IdentityServer/IdentityServer3/blob/master/source/Core/Configuration/AppBuilderExtensions/ConfigureCookieAuthenticationExtension.cs#L49

On CookieAuthenticationOptions, there is an option to set SessionStore to make use of a custom session store. However there seems to be no option to set SessionStore for Id.Srv. as these are local variables being created.

Can anybody please suggest, how to resolve the above error. Am I missing something obvious?

Can Thinktecture.IdentityModel be used for Server sessions with Id.Srv. 3? If not, what are the alternatives to implement server sessions (IsReference mode) for login sessions using Id.Srv. 3?

Any help would be really appreciated.


Solution

  • For anyone stumbling upon this, Brock Allen has clarified :

    "Since IdSvr 3 does not use the SAM, you can't use this feature from IdentityModel. IdSvr3, since it's OWIN based, uses the new cookie authentication middleware for the authentication sessions. These cookies tend to be much smaller than the older SAM cookies, thus there's less need for the cache."