如何在Razor Page中获取ASP.NET Identity身份验证票证到期? [英] How to get ASP.NET Identity authentication ticket expiry in Razor Page?

问题描述

我将IdentityServer4与ASP.NET Identity一起使用，并将cookie配置为SlidingExpiration = true和ExpireTimeSpan = 20分钟.我想在用户即将超时时向用户提供警告，因此尝试访问Cookie中的".expiry"值.

I'm using identityserver4 with ASP.NET Identity, with a cookie configured with SlidingExpiration = true and ExpireTimeSpan = 20 minutes. I would like to provide the user with a warning when they are about to timeout so am trying to access the ".expiry" value in the cookie.

到目前为止，我已经可以使用下面的Razor代码读取 到期时间. 但是，这在用户刷新票证时无法读取正确的到期时间.根据 Microsoft docs SlidingExpiration应该为我的用户提供一张新票证，如果他们在获得票证后10分钟或更长时间(> = ExpireTimeSpan的50％)刷新页面.这样做很好，但是这样做时，下面的代码提供了旧的到期时间，直到用户第二次刷新页面为止！

So far I have been able to read an expiry time using the Razor code below. However this is failing to read the correct expiry time when the user refreshes their ticket. According to the Microsoft docs SlidingExpiration should provide my user with a new ticket if they refresh the page 10 minutes or more (>= 50% of ExpireTimeSpan) after getting a ticket. It does this fine, but when it does so the code below provides the old expiry time until the user refreshes the page for a second time!

@(DateTime.Parse(((await Context.AuthenticateAsync()).Properties.Items)[".expires"]))

我想知道的是，如何在提供新票证时生成的页面上获得正确的到期时间?

What I want to know is how do I get the correct expiry time on the page generated when the new ticket is provided?

推荐答案

我已经解决了我的问题，我不太喜欢这种解决方案，因为它很hacky .尽管它确实可以工作，所以如果有帮助，我会在这里发布.如果有人可以帮助我理解更好的解决方案，我将不胜感激，如果有的话，我会编辑此答案或删除它，以取而代之.

I've kind of solved my issue, I don't much like this solution as it's quite hacky. It does work though so I'm posting it here in case it is helpful. I'd much appreciate it if anyone can help me understand a better solution, I'll edit this answer or delete it in favour of another if/when that happens.

我以与问题基本相同的方式获得身份验证票证的到期时间，然后，如果剩余的ExpireTimeSpan设置不足50％，我认为它会续订(可能有点冒险，但到目前为止，这是我最好的)已经管理好了).我用它来计算到超时之前剩余的假定秒数，然后在决定何时向用户显示警告时使用此值.

I get the authentication ticket expiry in much the same way as in my question, then if there is less than 50% of my ExpireTimeSpan setting left I assume it would have renewed (a bit risky maybe but so far it's the best I've managed). I use this to calculate the assumed number of seconds remaining until timeout, then use this value when deciding when to show the user a warning.

在剃刀顶部(部分):

@using Microsoft.AspNetCore.Authentication;

我代码的重要部分(可以提出改进建议):

The important bit of my code (feel free to suggest improvements):

secondsRemaining = "@(DateTime.Parse(((await AuthenticationHttpContextExtensions
                                             .AuthenticateAsync(Context))
                                             .Properties
                                             .Items)[".expires"])
                     .Subtract(DateTime.Now)
                     .TotalSeconds)";
// If secondsRemaining is less than half the expiry timespan then assume it will be re-issued
if (secondsRemaining < timeoutSeconds / 2) {
    secondsRemaining = timeoutSeconds;
}

这篇关于如何在Razor Page中获取ASP.NET Identity身份验证票证到期?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！