I use the Windows Identity Foundation (WIF) Security Token Service (STS) to handle authentication for my application, which works well and well. However, it seems that I can not work with STS for a long time.
From my understanding, I should not care about client tokens at the application level, since they can expire everything they want, and he should redirect me to STS, and while they still log into the STS system, he should update his application token. However, he does not seem to want them to sign.
This is what happens in my login.aspx on STS
var cookie = FormsAuthentication.GetAuthCookie(userName, persistTicket);
if (persistTicket)
cookie.Expires = DateTime.Now.AddDays(14);
Response.Cookies.Add(cookie);
var returnUrl = Request.QueryString["ReturnUrl"];
Response.Redirect(returnUrl ?? "default.aspx");
which was obtained almost directly from an existing application using regular Forms Auth.
web.config
<authentication mode="Forms">
<forms loginUrl="Login.aspx" protection="All" timeout="2880"
name=".STS" path="/" requireSSL="false" slidingExpiration="true"
defaultUrl="default.aspx" cookieless="UseDeviceProfile"
enableCrossAppRedirects="false" />
</authentication>
cookie , , cookie 14 cookie .
STS, , cookie .
- , STS cookie, cookie, , ?