问题
I'm working on a MVC6 ASP.Net5 project, and am having trouble with .Net Identity persisting my authentication cookie on login.
I am using a custom user store, this is an existing DB with existing stored procedures etc...
My SignIn method is an extension on my User object, and follows.
public static async Task SignIn(this UserModel Model, UserManager<UserModel> UserManager, SignInManager<UserModel> SignInManager, bool RemeberMe = true)
{
var Claims = new List<Claim>();
Claims.Add(new Claim("UserID", Model.UserID.ToString()));
Claims.Add(new Claim("Username", Model.Username));
await UserManager.AddClaimsAsync(Model, Claims);
await SignInManager.SignInAsync(Model, new AuthenticationProperties { IsPersistent = RemeberMe, AllowRefresh = true });
}
This works, and a cookie is added with an expiration date in the future.
The issue I am having is that even though the Identity cookie is set for long in the future, after 20ish minutes of inactivity, I am forced to re-login. This makes me think something is timing out, but I'm very new to Identity, and am not sure what I'm doing wrong (or really even where to start).
EDIT : this is my custom GetSecurityStampAsync in the custom user store. I know this isn't secure or even really doing anything currently, but I'm just trying to figure out what the problem is right now. I plan on refactoring it later once it's working.
public Task<string> GetSecurityStampAsync(UserModel user, CancellationToken cancellationToken)
{
return Task.FromResult(user.UserID.ToString() + user.Username);
}
回答1:
Make sure that you've set your timeouts according to your requirement[s]. There are two timeout configurations (ExpireTimespan and ValidateInterval) in Identity 2.1 that can affect how long a user can stay logged in. You can configure them using:
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
Provider = new CookieAuthenticationProvider
{
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
validateInterval: TimeSpan.FromMinutes(15)
},
ExpireTimeSpan = TimeSpan.FromMinutes(30)
});
That is explained more in this article - a little dated but should still apply for the most recent version of ASP.NET Core that has been released at this time of writing (rc1).
If you're using session, it could also be that you're session is just timing out or is cleared.
By default you get a in-memory cache. As soon as the process is restarted, you will lose your session objects. You need to use a persistent storage for your session objects.
If you're using SQL Server, here's a good article to get you started.
来源:https://stackoverflow.com/questions/35300101/asp-net-identity-not-persisting-cookie-mvc6-vnext