ASP.NET Identity Change ExpireTimeSpan after ConfigureAuth

问题

I'm working on a web application that I recently migrated from a custom authentication solution to ASP.NET Identity. In some sections of our app, long processes are performed that can take up to an hour to run. Under normal circumstances, we want users to be automatically logged out after 30 minutes of non-activity. However, for screens where long processes occur, we want to widen the automatic logout window so that they don't get kicked out before the process completes. I'm currently struggling with how to accomplish this with Identity. I am currently using the following code in my Startup.Auth.cs file:

public partial class Startup
{
    // For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301883
    public void ConfigureAuth(IAppBuilder app)
    {
        // Configure the user manager and signin manager to use a single instance per request
        app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
        app.CreatePerOwinContext<ApplicationSignInManager>(ApplicationSignInManager.Create);

        // Enable the application to use a cookie to store information for the signed in user
        // and to use a cookie to temporarily store information about a user logging in with a third party login provider
        // Configure the sign in cookie
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Login.aspx"),
            ExpireTimeSpan = TimeSpan.FromMinutes(30),
            SlidingExpiration = true,
            Provider = new CookieAuthenticationProvider
            {
                OnValidateIdentity =
                    SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser, int>(
                        TimeSpan.FromMinutes(30),
                        (manager, user) => user.GenerateUserIdentityAsync(manager),
                        userIdentity => userIdentity.GetUserId<int>())
            }
        });
    }
}

I currently don't see any way to modify the ExpireTimeSpan value after ConfigureAuth has already been called. I hope to be able to change the value in the Page_Load event handler from a Web Form page. Does anyone know of a way?

回答1:

Inside OnValidateIdentity

aka:

OnValidateIdentity = delegate(CookieValidateIdentityContext context) {
            var stampValidator = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser, int>(
                validateInterval: TimeSpan.FromMinutes(30),
                regenerateIdentityCallback: (manager, user) => user.GenerateUserIdentityAsync(manager),
                getUserIdCallback: (id) => (id.GetUserId<int>())
            );
            Task result = stampValidator.Invoke(context);

            int my_custom_minutes = 60; // run your logic here.
                // set it at GLOBAL level for all (future) users.
                context.Options.ExpireTimeSpan = TimeSpan.FromMinutes( my_custom_minutes );
                // set it for the current user only.
                context.Properties.ExpiresUtc = context.Properties.IssuedUtc.Value.AddMinutes( my_custom_minutes );

            return result;
}

来源：https://stackoverflow.com/questions/27281272/asp-net-identity-change-expiretimespan-after-configureauth