I have a ASP.NET web forms application which is internet-intranet based. For intranet part we have implemented OIDC authentication and for internet part we have WebSEAL based authentication, where users are authenticated based on the Headers returned by WebSEAL junction. I was facing an issue with OIDC part where the value provided by returned token and added to claims identity was going blank. So i added below lines in SecurityTokenValidated function
// Extend life of authentication token.
ctx.AuthenticationTicket.Properties.ExpiresUtc = DateTimeOffset.UtcNow.AddHours(16);
ctx.AuthenticationTicket.Properties.IsPersistent = true;
This resolved the issue with token value not going blank. But now i'm facing issue related to WebSEAL authentication. I feel the issue is related to timeout value that is set below in web.config
<authentication mode="Forms">
<forms name=".Ticket" enableCrossAppRedirects="false" protection="All" path="/" slidingExpiration="true" timeout="10" cookieless="UseCookies" requireSSL="true" />
</authentication>
I'm using FormsAuthentication to handle OIDC and WebSEAL and since i have this two set of authentications for internet-intranet is there any order of precedence or consistent timeout value that i need to set for my application.
