ASP.NET Core MVC: setting expiration of identity cookie
Question
In my ASP.NET Core MVC app the lifetime of the authentication cookie is set to 'Session', so it lasts until I close the browser. I use the default authentication scheme for MVC:
app.UseIdentity();
How can I extend the lifetime of the cookie?
Recommended answer
The ASP.NET Identity middleware which you are using is a wrapper around some calls to UseCookieAuthentication which includes the Cookie Authentication middleware on the pipeline. This can be seen on the source code for the builder extensions of the Identity middleware here on GitHub. In that case the options needed to configure how the underlying Cookie Authentication should work are encapsulated on the IdentityOptions and configured when setting up dependency injection.
Indeed, looking at the source code I linked to you can see that the following is run when you call app.UseIdentity():
var options = app.ApplicationServices.GetRequiredService<IOptions<IdentityOptions>>().Value;
app.UseCookieAuthentication(options.Cookies.ExternalCookie);
app.UseCookieAuthentication(options.Cookies.TwoFactorRememberMeCookie);
app.UseCookieAuthentication(options.Cookies.TwoFactorUserIdCookie);
app.UseCookieAuthentication(options.Cookies.ApplicationCookie);
return app;
To set up the IdentityOptions class, the AddIdentity<TUser, TRole> method has one overloaded version which allows you to configure the options with one lambda. Thus you just have to pass in a lambda to configure the options. In that case you just access the Cookies properties of the options class and configure the ApplicationCookie as desired. To change the time span you do something like
services.AddIdentity<ApplicationUser, IdentityRole>(options => {
    options.Cookies.ApplicationCookie.ExpireTimeSpan = TimeSpan.FromHours(1);
});
The ExpireTimeSpan property is only used if, when calling HttpContext.Authentication.SignInAsync, we pass in an instance of AuthenticationProperties with IsPersistent set to true.
Trying out just with the Cookie Authentication Middleware it turns out that this works: if we just sign in without this option, we get a cookie that lasts for the session; if we send this together we get a cookie which lasts what we set up when configuring the middleware.
With ASP.NET Identity the way to do it is to pass the parameter isPersistent of the PasswordSignInAsync with value true. This ends up being a call to SignInAsync of the HttpContext passing in the AuthenticationProperties with the IsPersistent set to true. The call ends up being something like:
var result = await _signInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, lockoutOnFailure: false);
Where the RememberMe is what configures if we are setting IsPersistent to true or false.
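The answer mentions trying this with only the Cookie Authentication middleware but shows no code for it; the following is an added example, not code from the original post or from the ASP.NET project. It assumes the ASP.NET Core 1.x API used on this page; the scheme name "DemoCookie", the /login endpoint, the "remember" query parameter and the "demo-user" identity are made up for illustration.

```csharp
using System;
using System.Security.Claims;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Http.Authentication;
using Microsoft.Extensions.DependencyInjection;

public static class Program
{
    const string Scheme = "DemoCookie"; // hypothetical scheme name

    public static void Main() => new WebHostBuilder()
        .UseKestrel()
        .ConfigureServices(services => services.AddAuthentication())
        .Configure(app =>
        {
            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationScheme = Scheme,
                AutomaticAuthenticate = true,
                ExpireTimeSpan = TimeSpan.FromHours(1), // same value as in the answer
                SlidingExpiration = false,              // fixed lifetime, not renewed on use
            });

            app.Run(async context =>
            {
                if (context.Request.Path == "/login" && context.Request.Method == "POST")
                {
                    // Demo only: a real application verifies credentials before this point.
                    var identity = new ClaimsIdentity(
                        new[] { new Claim(ClaimTypes.Name, "demo-user") }, Scheme);
                    // POST /login?remember=true -> Set-Cookie includes "expires=" (persistent)
                    // POST /login               -> no "expires=" attribute (session cookie)
                    var remember = context.Request.Query["remember"] == "true";
                    await context.Authentication.SignInAsync(Scheme,
                        new ClaimsPrincipal(identity),
                        new AuthenticationProperties { IsPersistent = remember });
                    await context.Response.WriteAsync("signed in");
                    return;
                }
                await context.Response.WriteAsync(
                    context.User.Identity.IsAuthenticated ? "authenticated" : "anonymous");
            });
        })
        .Build()
        .Run();
}
```

Comparing the Set-Cookie response header of the two requests shows the difference in browser-side lifetime. Separately, the authentication ticket inside the cookie carries its own expiry, which the middleware checks on each request.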