用户不活动时，从Asp.net身份自动注销 [英] Auto Logout from Asp.net Identity when user is Inactive

问题描述

我正在使用Asp.net Identity框架开发Asp.net mvc应用程序，要求用户仅在用户处于非活动状态(不移动鼠标/单击)的情况下，才应在10分钟后自动注销.即使用户在应用程序中处于活动状态，当用户注销时，任何人都可以帮助我尽快完成这些操作.响应将不胜感激

I am devoloping Asp.net mvc application with Asp.net Identity framework with a requirement of user should be autologout after 10 mins only when the user is inactive(With out mouse movement/Click).I have tried with code which works as user logsout even when the user is active in the application,Can any one help me out in accomplishing these ASAP.Response would be appreciated

请在这里找到我的Starup.cs文件代码:

Please find my Starup.cs file code here:

using System;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.Google;
using Owin;
using ADFV2External.Models;
using ADFV2External;

namespace ADFV2ExternalLogin
{
    public partial class Startup
    {
        // For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864
        public void ConfigureAuth(IAppBuilder app)
        {
            // Configure the db context, user manager and signin manager to use a single instance per request
            app.CreatePerOwinContext(ApplicationDbContext.Create);
            app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
            app.CreatePerOwinContext<ApplicationSignInManager>(ApplicationSignInManager.Create);

            // Enable the application to use a cookie to store information for the signed in user
            // and to use a cookie to temporarily store information about a user logging in with a third party login provider
            // Configure the sign in cookie
            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
                LoginPath = new PathString("/Account/Login"),
                CookieSecure = CookieSecureOption.Always,
                Provider = new CookieAuthenticationProvider
                {
                    // Enables the application to validate the security stamp when the user logs in.
                    // This is a security feature which is used when you change a password or add an external login to your account.  
                    OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                        validateInterval: TimeSpan.FromMinutes(30),
                        regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
                },
                ExpireTimeSpan = TimeSpan.FromMinutes(10)
            });
            app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

            // Enables the application to temporarily store user information when they are verifying the second factor in the two-factor authentication process.
            app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(5));

            // Enables the application to remember the second login verification factor such as phone or email.
            // Once you check this option, your second step of verification during the login process will be remembered on the device where you logged in from.
            // This is similar to the RememberMe option when you log in.
            app.UseTwoFactorRememberBrowserCookie(DefaultAuthenticationTypes.TwoFactorRememberBrowserCookie);


            // Uncomment the following lines to enable logging in with third party login providers
            //app.UseMicrosoftAccountAuthentication(
            //    clientId: "",
            //    clientSecret: "");

            //app.UseTwitterAuthentication(
            //   consumerKey: "",
            //   consumerSecret: "");

            //app.UseFacebookAuthentication(
            //   appId: "",
            //   appSecret: "");

            //app.UseGoogleAuthentication(new GoogleOAuth2AuthenticationOptions()
            //{
            //    ClientId = "",
            //    ClientSecret = ""
            //});
            app.UseMicrosoftAccountAuthentication
            (
            clientId: "f10e6987-f527-4eb2-a7d4-61a9d5175117",
            clientSecret: "qedLHH977-:ivxfAZNQ90:_"
            );
        }
    }
}

推荐答案

ExpireTimeSpan based on request/response mechanism. That means, that user will log out if there wouldn't be any HTTP request from user in 10 minutes from last response.

所以我看到两种解决您任务的方法:

So I see 2 ways to solve your task:

1. 您可以通过鼠标/键盘事件从页面发起HTTP请求；
2. 您可以在客户端运行计时器(setTimeout功能)，并在鼠标/键盘事件&停止时发送注销请求.必须禁用ExpireTimeSpan.

1. You can initiate HTTP requests from page by mouse/keyboard events;
2. You can run timer (setTimeout function) on client side with its reset on mouse/keyboard events & send log out request when it stops. ExpireTimeSpan must be disabled.

但是，当用户打开某些页面时，可能会遇到麻烦.

But there may be trouble when user opens some pages.

这篇关于用户不活动时，从Asp.net身份自动注销的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！