ASP.NET Core MVC: setting expiration of identity cookie

Problem description

In my ASP.NET Core MVC app the lifetime of the authentication cookie is set to 'Session', so it lasts until I close the browser. I use the default authentication scheme for MVC:

app.UseIdentity();

How can I extend the lifetime of the cookie?

Recommended answer

The ASP.NET Identity middleware which you are using is a wrapper around some calls to UseCookieAuthentication which includes the Cookie Authentication middleware on the pipeline. This can be seen on the source code for the builder extensions of the Identity middleware here on GitHub. In that case the options needed to configure how the underlying Cookie Authentication should work are encapsulated on the IdentityOptions and configured when setting up dependency injection.

Indeed, looking at the source code I linked to you can see that the following is run when you call app.UseIdentity():

var options = app.ApplicationServices.GetRequiredService<IOptions<IdentityOptions>>().Value;
app.UseCookieAuthentication(options.Cookies.ExternalCookie);
app.UseCookieAuthentication(options.Cookies.TwoFactorRememberMeCookie);
app.UseCookieAuthentication(options.Cookies.TwoFactorUserIdCookie);
app.UseCookieAuthentication(options.Cookies.ApplicationCookie);
return app;

To set up the IdentityOptions class, the AddIdentity<TUser, TRole> method has one overloaded version which allows you to configure the options with one lambda. Thus you just have to pass in a lambda to configure the options. In that case you just access the Cookies properties of the options class and configure the ApplicationCookie as desired. To change the time span you do something like

services.AddIdentity<ApplicationUser, IdentityRole>(options => {
    options.Cookies.ApplicationCookie.ExpireTimeSpan = TimeSpan.FromHours(1);
});

The ExpireTimeSpan property is only used if, when calling HttpContext.Authentication.SignInAsync, we pass in an instance of AuthenticationProperties with IsPersistent set to true.

Trying out just with the Cookie Authentication Middleware it turns out that this works: if we just sign in without this option, we get a cookie that lasts for the session; if we send this together, we get a cookie which lasts what we set up when configuring the middleware.

With ASP.NET Identity the way to do it is to pass the parameter isPersistent of the PasswordSignInAsync with value true. This ends up being a call to SignInAsync of the HttpContext passing in the AuthenticationProperties with the IsPersistent set to true. The call ends up being something like:

var result = await _signInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, lockoutOnFailure: false);

Where the RememberMe is what configures if we are setting IsPersistent to true or false.
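
The following is an added example, not code from the original answer or from the ASP.NET Identity source: it pairs the cookie middleware configuration with the sign-in call that decides whether the browser gets a session cookie or a persistent one. It assumes the ASP.NET Core 1.x API used on this page; the scheme name "DemoCookie" and the helpers UseDemoCookie and SignInDemoUserAsync are hypothetical names chosen for the example.

```csharp
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Http.Authentication;

public static class DemoCookieAuth
{
    // Hypothetical scheme name, chosen for this example.
    public const string Scheme = "DemoCookie";

    // Call from Startup.Configure, before app.UseMvc().
    public static IApplicationBuilder UseDemoCookie(this IApplicationBuilder app)
    {
        return app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationScheme = Scheme,
            AutomaticAuthenticate = true,
            // Lifetime of the authentication ticket. It reaches the browser as
            // the cookie's expiry only for persistent sign-ins.
            ExpireTimeSpan = TimeSpan.FromHours(1),
            // Reissue the cookie when a request arrives past half the lifetime.
            SlidingExpiration = true
        });
    }

    // Call after the credentials have been verified by the caller.
    public static Task SignInDemoUserAsync(
        this HttpContext context, string userName, bool rememberMe)
    {
        var identity = new ClaimsIdentity(
            new[] { new Claim(ClaimTypes.Name, userName) }, Scheme);

        // rememberMe == false: session cookie, dropped when the browser closes.
        // rememberMe == true: cookie carries an expiry of now + ExpireTimeSpan.
        var properties = new AuthenticationProperties { IsPersistent = rememberMe };

        return context.Authentication.SignInAsync(
            Scheme, new ClaimsPrincipal(identity), properties);
    }
}
```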
