I need to create a page that will allow users to reset their passwords if they answer questions, or have an SMS validation occur.
The challenge I have is setting up the session so that I works in a load balanced environment and and across many pages (stateless).
- How can I use WIF to set the session cookies in an MVC project?
You'd need to make sure the session cookie from the SAM is using the same protection keys on each machine. That boils down to using the machineKey and configuring the SAM to use these keys. I added this as a feature to the IdentityModel security library, but you can just as easily copy the config or code from github:
http://brockallen.com/2013/02/18/configuring-machine-key-protection-of-session-tokens-in-wif-and-thinktecture-identitymodel/