如何设置asp.net身份cookie过期时间 [英] How to set asp.net Identity cookies expires time

问题描述

我使用Asp.Net Identity来控制我的应用程序的授权.现在，我需要执行以下操作:如果用户在30分钟内没有操作，请跳至登录页面，当用户登录时未选中"isPersistent"复选框. 并且，如果他选中了"isPersistent"复选框，则将cookie的过期日期设置为14天. 我尝试通过更改Startup.Auth.cs来做到这一点:

I use Asp.Net Identity to control my app's authorization. Now, I need to do this: if the user does not operate in 30 minutes, jump to the login page, when he login does not select "isPersistent" checkbox. And, if he selected "isPersistent" checkbox, set the expiration date of cookie for 14 days. I try to do this by change the Startup.Auth.cs like this:

public void ConfigureAuth(IAppBuilder app)
{
    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
        LoginPath = new PathString("/Account/Login"),
        SlidingExpiration = true,
        CookieName = WebHelpers.ConstStrings.AUTHCOOKIESNAME
    });
}

和以下登录代码:

private async Task SignInAsync(User user, bool isPersistent)
{
    AuthenticationManager.SignOut(DefaultAuthenticationTypes.ExternalCookie);
    var identity = await UserManager.CreateIdentityAsync(user, DefaultAuthenticationTypes.ApplicationCookie);
    if (isPersistent)
    {
        AuthenticationManager.SignIn(new AuthenticationProperties() { IsPersistent = isPersistent }, identity);
    }
    else
    {
        AuthenticationManager.SignIn(new AuthenticationProperties() { ExpiresUtc = new DateTimeOffset(DateTime.UtcNow.AddMinutes(30)) }, identity);
    }
}

但是我发现，当用户不选择isPersistent复选框时，cookie的到期日期已经是会话"，而不是当前时间加上30分钟.

But I found that when the user does not choose isPersistent checkbox, cookies's expiration date is already 'Session', not the current time plus 30 minutes.

使用类似after的代码时cookie的状态，因此记住我"复选框不起作用.

The cookies status when use the code like after, so the 'remember me' checkbox can't work.:(.

        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Account/Login"),
            ExpireTimeSpan = TimeSpan.FromMinutes(30),
            SlidingExpiration = true,
            CookieName = WebHelpers.ConstStrings.AUTHCOOKIESNAME
        });

推荐答案

如果AuthenticationProperties的IsPersistent属性设置为false，则cookie过期时间将设置为会话".

If IsPersistent property of AuthenticationProperties is set to false, then the cookie expiration time is set to Session.

如果选中复选框记住我" ，则AuthenticationManager.SignIn(new AuthenticationProperties{ IsPersistent = true }, userIdentity);将创建一个cookie，该cookie的失效时间等于您在Startup.cs中设置的ExpireTimeSpan(默认设置)至14天).

If checkbox "remember me" is checked then AuthenticationManager.SignIn(new AuthenticationProperties{ IsPersistent = true }, userIdentity); will create a cookie with expiration time equal to ExpireTimeSpan you set up in Startup.cs (defaults to 14days).

如果复选框记住我"被未选中，那么您必须使用AuthenticationManager.SignIn(new AuthenticationProperties{ IsPersistent = true, ExpiresUtc = DateTimeOffset.UtcNow.AddMinutes(30)}, userIdentity);.再次将IsPersistent设置为true，但是现在我们给ExpiresUtc赋予一个值，这样它就不会使用Startup.cs中的CookieAuthenticationOptions中的值.

If checkbox "remember me" is NOT checked then you have to use AuthenticationManager.SignIn(new AuthenticationProperties{ IsPersistent = true, ExpiresUtc = DateTimeOffset.UtcNow.AddMinutes(30)}, userIdentity);. Again IsPersistent is set to true but now we give a value to ExpiresUtc so it does not use from CookieAuthenticationOptions from Startup.cs.

public override async Task SignInAsync(ApplicationUser user, bool isPersistent, bool rememberBrowser)
{
    var userIdentity = await CreateUserIdentityAsync(user).WithCurrentCulture();
    // Clear any partial cookies from external or two factor partial sign ins
    AuthenticationManager.SignOut(DefaultAuthenticationTypes.ExternalCookie, DefaultAuthenticationTypes.TwoFactorCookie);
    if (rememberBrowser)
    {
        var rememberBrowserIdentity = AuthenticationManager.CreateTwoFactorRememberBrowserIdentity(ConvertIdToString(user.Id));
        AuthenticationManager.SignIn(new AuthenticationProperties { IsPersistent = isPersistent }, userIdentity, rememberBrowserIdentity);
    }
    else
    {
        //AuthenticationManager.SignIn(new AuthenticationProperties { IsPersistent = isPersistent }, userIdentity);
        if (isPersistent)
        {
            AuthenticationManager.SignIn(new AuthenticationProperties { IsPersistent = true }, userIdentity);
        }
        else
        {
            AuthenticationManager.SignIn(new AuthenticationProperties { IsPersistent = true, ExpiresUtc = DateTimeOffset.UtcNow.AddMinutes(30) }, userIdentity);
        }        
    }
}

这篇关于如何设置asp.net身份cookie过期时间的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！