May 07, 2004

Token Expiry

Security tokens have several properties that provide information about their lifetime:

  • IsCurrent
  • IsExpired
  • RequiresRenewal

IsCurrent returns true if the token is within its lifetime window and can be used when sending a message. IsExpired returns true when a token has passed its expiry time and should not be used. RequiresRenewal is implemented by default as IsExpired and therefore returns true when a token has expired.

For SecurityContextTokens and KerberosTokens in WSE 2.0, the RequiresRenewal property overrides this default: it uses a renewal window value so that it returns true while the token is still current but about to expire.

The policy engine in WSE 2.0 uses the RequiresRenewal property to determine when to automatically request a new SecurityContextToken or to create a new KerberosToken, so that messages do not fail at the receiver. If you use either of these tokens directly in code without policy and your application is long-running, you should use this property to determine when to renew the token.
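The following is an added example, not WSE 2.0 code and not from the original post: a self-contained C# model of the three properties, showing why the default RequiresRenewal (same as IsExpired) leaves a gap that a renewal window closes. The class names, the one-minute window, the ten-minute lifetime and the 30-second delivery delay are all assumptions chosen for illustration.

```csharp
using System;

// Hypothetical model of the lifetime semantics described in the post.
// These are NOT the WSE 2.0 classes; every name and value here is an assumption.
class ModelToken
{
    public DateTime ValidFrom, ValidTo;
    protected readonly Func<DateTime> Now;   // injectable clock

    public ModelToken(DateTime from, DateTime to, Func<DateTime> now)
    { ValidFrom = from; ValidTo = to; Now = now; }

    public bool IsCurrent { get { return Now() >= ValidFrom && Now() < ValidTo; } }
    public bool IsExpired { get { return Now() >= ValidTo; } }
    // Default behaviour: renewal is only signalled once the token has expired.
    public virtual bool RequiresRenewal { get { return IsExpired; } }
}

// Overrides RequiresRenewal with a renewal window, the behaviour the post
// attributes to SecurityContextToken and KerberosToken.
class WindowedToken : ModelToken
{
    readonly TimeSpan window;
    public WindowedToken(DateTime from, DateTime to, Func<DateTime> now, TimeSpan w)
        : base(from, to, now) { window = w; }
    public override bool RequiresRenewal
    { get { return Now() >= ValidTo - window; } }
}

static class Demo
{
    static void Main()
    {
        DateTime t0 = new DateTime(2004, 5, 7, 12, 0, 0, DateTimeKind.Utc);
        DateTime clock = t0;
        Func<DateTime> now = () => clock;             // lambda sees later updates to clock
        TimeSpan transit = TimeSpan.FromSeconds(30);  // constructed delivery delay
        var plain = new ModelToken(t0, t0.AddMinutes(10), now);
        var windowed = new WindowedToken(t0, t0.AddMinutes(10), now, TimeSpan.FromMinutes(1));

        clock = t0.AddMinutes(9).AddSeconds(45);      // sender's clock: 15 s before expiry
        foreach (ModelToken tok in new[] { plain, windowed })
        {
            bool validOnArrival = clock + transit < tok.ValidTo;
            Console.WriteLine("{0}: IsCurrent={1} RequiresRenewal={2} validOnArrival={3}",
                tok.GetType().Name, tok.IsCurrent, tok.RequiresRenewal, validOnArrival);
        }
    }
}
```

Both tokens are current at send time and neither would still be valid on arrival, but only the windowed token reports that it needs renewing first, which is the check a long-running sender without policy has to make before each message.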

Posted by herveyw at May 7, 2004 11:45 PM