ASP.NET Core 3.1 application with Identity logging off quickly

Question

I have an ASP.NET Core 3.1 application with Identity running on local IIS, and it is configured as follows. As you can see, the cookie is configured to last 3 hours:

Startup.cs


public void ConfigureServices(IServiceCollection services)
{
    services.Configure<IdentityOptions>(options =>
    {
        options.Password.RequireDigit = true;
        options.Password.RequireNonAlphanumeric = true;
        options.Password.RequireUppercase = true;
        options.Password.RequireLowercase = true;
        options.Password.RequiredLength = 8;
    });

    services.ConfigureApplicationCookie(options =>
    {
        options.Cookie.MaxAge = TimeSpan.FromHours(3);
        options.Cookie.Name = "CookieNameBlaBlaBla";
        options.Cookie.HttpOnly = true;
        options.ExpireTimeSpan = TimeSpan.FromHours(3);

        options.LoginPath = new PathString("/login/login");
        options.AccessDeniedPath = new PathString("/login/AccessDenied");
        options.SlidingExpiration = true;
    });
}

public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    app.UseAuthentication();
    app.UseAuthorization();
}

LoginController.cs

var result = await _signInManager.PasswordSignInAsync(formModel.Email, formModel.Password, true, lockoutOnFailure: false); // isPersistent forced to be TRUE

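The problem is that the application logs the user out after about 30 minutes, which should not happen.

I looked at Microsoft's Identity documentation but did not find anything wrong or missing.

Can someone help me?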


Solution

First, you have to follow an order, which is:
- First AddSession()
- Then AddIdentity() or AddDefaultIdentity()
- And the configure methods

Now, I am using the session with cookies.

Sample code of the Startup.cs file:

// First AddSession()
services.AddSession(options =>
{
    options.IdleTimeout = TimeSpan.FromMinutes(3);
    options.Cookie.MaxAge = TimeSpan.FromHours(3);
    options.Cookie.Name = "SessionNameBlaBlaBla";
    options.Cookie.HttpOnly = true;
    // Cookie.Expiration is not set here: SessionOptions rejects it with an
    // InvalidOperationException. Cookie.MaxAge above sets the cookie lifetime.
});

// Then AddIdentity() or AddDefaultIdentity()
services.AddIdentity<User, UserRole>(options =>
{
    // Password settings.
    options.Password.RequireDigit = true;
    options.Password.RequireNonAlphanumeric = false;
    options.Password.RequireUppercase = false;
    options.Password.RequireLowercase = false;
    options.Password.RequiredLength = 6;
}).AddDefaultTokenProviders();

// And the configure methods
services.ConfigureApplicationCookie(options =>
{
    // Cookie settings
    options.Cookie.MaxAge = TimeSpan.FromHours(3);
    options.Cookie.Name = "CookieNameBlaBlaBla";
    options.Cookie.HttpOnly = true;

    options.LoginPath = new PathString("/login/login");
    options.AccessDeniedPath = new PathString("/login/AccessDenied");
    options.SlidingExpiration = true;
});

Thanks to @Deepak Mishra for helping me.

Because it depends on the session until you check "Remember Me?" (the isPersistent parameter of PasswordSignInAsync).

var result = await _signInManager.PasswordSignInAsync(Input.Email, Input.Password, Input.RememberMe, lockoutOnFailure: true);

So either look for a persistent cookie or increase the session timeout.

services.AddSession(options =>
{
   options.IdleTimeout = TimeSpan.FromHours(3);
});

Also, as per MS Docs, ConfigureApplicationCookie must be called after calling AddIdentity or AddDefaultIdentity.
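
The persistent-cookie option mentioned above can also be made explicit per sign-in. The following is an added example, not code from the original question or answers; the `LoginForm` model, the `IdentityUser` user type and the `Home/Index` redirect target are assumptions.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;

// Hypothetical form model, named for this example only.
public class LoginForm
{
    public string Email { get; set; }
    public string Password { get; set; }
    public bool RememberMe { get; set; }
}

public class LoginController : Controller
{
    private readonly UserManager<IdentityUser> _userManager;
    private readonly SignInManager<IdentityUser> _signInManager;

    public LoginController(UserManager<IdentityUser> userManager,
                           SignInManager<IdentityUser> signInManager)
    {
        _userManager = userManager;
        _signInManager = signInManager;
    }

    [HttpPost]
    [ValidateAntiForgeryToken]
    public async Task<IActionResult> Login(LoginForm form)
    {
        // Unknown user and wrong password get the same response.
        var user = await _userManager.FindByEmailAsync(form.Email);
        if (user == null) return Unauthorized();

        // Verifies the password and counts failures toward lockout.
        // Unlike PasswordSignInAsync, this path does not run the two-factor step.
        var check = await _signInManager.CheckPasswordSignInAsync(
            user, form.Password, lockoutOnFailure: true);
        if (!check.Succeeded) return Unauthorized();

        // IsPersistent decides whether the ticket outlives the browser session;
        // ExpiresUtc pins this ticket's lifetime to the 3 hours used on this page.
        var props = new AuthenticationProperties { IsPersistent = form.RememberMe };
        if (form.RememberMe) props.ExpiresUtc = DateTimeOffset.UtcNow.AddHours(3);

        await _signInManager.SignInAsync(user, props);
        return RedirectToAction("Index", "Home");
    }
}
```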