身份饼干一段时间后会失去自定义声明信息 [英] Identity cookie loses custom claim information after a period of time

问题描述

我存储自定义声明，如用户的真实姓名，在ASP.NET身份的cookie，以避免在每次请求不必要的数据库查询。至少这就是我认为这code做：

I am storing custom claims, such as the user's real name, in the ASP.NET Identity cookie to avoid unnecessary database queries on every request. At least that's what I assume this code is doing:

var identity = await user.GenerateUserIdentityAsync(UserManager);
identity.AddClaim(new Claim(ClaimTypes.GivenName, user.FirstName)));
// etc.
AuthenticationManager.SignIn(new AuthenticationProperties {IsPersistent=true}, identity);

这工作得很好，我可以取回这些说法：

This works fine, and I can retrieve these claims with:

private static string GetClaim(string claimType)
{
  var identity = (ClaimsPrincipal) Thread.CurrentPrincipal;
  var claim = identity.Claims.SingleOrDefault(o => o.Type == claimType);
  return claim == null ? null : claim.Value;
}

的 identity.Claims 属性包含下面的权利要求，符合市场预期：

The identity.Claims property contains the following claims, as expected:

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier: ced2d16c-cb6c-4af0-ad5a-09df14dc8207
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name: me@example.com
http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider: ASP.NET Identity
AspNet.Identity.SecurityStamp: 284c648c-9cc7-4321-b0ce-8a347cd5bcbf
http://schemas.microsoft.com/ws/2008/06/identity/claims/role: Admin
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname: My Name

麻烦的是，一段时间内（通常是几个小时）后，我的自定义声明似乎消失了 - 在这个例子中，给定名称不再枚举存在。用户通过身份认证，并且所有默认索赔仍然存在。

The trouble is that after some time (usually several hours), my custom claims seem to disappear - in this example, givenname no longer exists in the enumeration. The user is still authenticated, and all the default claims are still there.

这是怎么回事，我该怎么解决这个问题？我能想到的唯一的事情就是该Cookie吐气及幕后被重发，但我不知道为什么（或），将发生。

What's going on, and how can I fix this? The only thing I can think of is that the cookie is expiring and being re-issued behind the scenes, but I don't know why (or if) that would happen.

推荐答案

是的，这个问题是最有可能得到的cookie到期。由于您没有自定义声明添加到用户的数据库中的说法，他们是因为你没有添加方法内索赔被称为丢失刷新。你可以通过添加索赔：

Yes, the issue is most likely the cookie getting expired. Since you didn't add the custom claims to the user's claims in the database, they are lost on refresh since you aren't adding the claim inside the method being called. You can either add the claim via:

userManager.AddClaim(user.Id, new Claim(ClaimTypes.GivenName, user.FirstName));

或者你可以移动这个cookie的再生（默认情况下它user.GenerateUserIdentityAsync）时调用的方法内。

or you can move this inside of the method that's called when the cookie is regenerated (by default its user.GenerateUserIdentityAsync).

        app.UseCookieAuthentication(new CookieAuthenticationOptions {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Account/Login"),
            Provider = new CookieAuthenticationProvider {
                // Enables the application to validate the security stamp when the user logs in.
                // This is a security feature which is used when you change a password or add an external login to your account.  
                OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                    validateInterval: TimeSpan.FromMinutes(30),
                    regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
            }
        });

这篇关于身份饼干一段时间后会失去自定义声明信息的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！