ASP.NET Core MVC:设置身份 cookie 过期 [英] ASP.NET Core MVC: setting expiration of identity cookie
问题描述
在我的 ASP.NET Core MVC 应用程序中,身份验证 cookie 的生命周期设置为会话",因此它会持续到我关闭浏览器.我使用 MVC 的默认身份验证方案:
In my ASP.NET Core MVC app the lifetime of the authentication cookie is set to 'Session', so it lasts until I close the browser. I use the default authentication scheme for MVC:
app.UseIdentity();
如何延长 cookie 的生命周期?
How can I extend the lifetime of the cookie?
推荐答案
您正在使用的 ASP.NET 身份中间件是对 UseCookieAuthentication 的一些调用的包装,其中包括 Cookie 身份验证中间件管道.这可以在 Identity 中间件的构建器扩展的源代码中看到 在 GitHub 上.在这种情况下,配置底层 Cookie 身份验证应该如何工作所需的选项被封装在 IdentityOptions 上,并在设置依赖注入时进行配置.
The ASP.NET Identity middleware which you are using is a wraper around some calls to UseCookieAuthentication which includes the Cookie Authentication middleware on the pipeline. This can be seen on the source code for the builder extensions of the Identity middleware here on GitHub. In that case the options needed to configure how the underlying Cookie Authentication should work are encapsulated on the IdentityOptions and configured when setting up dependency injection.
确实,查看我链接的源代码可以看到,当你调用app.UseIdentity()时会运行以下代码:
Indeed, looking at the source code I linked to you can see that the following is run when you call app.UseIdentity():
var options = app.ApplicationServices.GetRequiredService<IOptions<IdentityOptions>>().Value;
app.UseCookieAuthentication(options.Cookies.ExternalCookie);
app.UseCookieAuthentication(options.Cookies.TwoFactorRememberMeCookie);
app.UseCookieAuthentication(options.Cookies.TwoFactorUserIdCookie);
app.UseCookieAuthentication(options.Cookies.ApplicationCookie);
return app;
要设置 IdentityOptions 类,AddIdentity 方法有一个重载版本,允许使用一个 lambda 配置选项.因此,您只需要传入一个 lambda 来配置选项.在这种情况下,您只需访问选项类的 Cookies 属性并根据需要配置 ApplicationCookie.要更改时间跨度,您可以执行以下操作
To setup the IdentityOptions class, the AddIdentity<TUser, TRole> method has one overloaded version which allows to configure the options with one lambda. Thus you just have to pass in a lambda to configure the options. In that case you just access the Cookies properties of the options class and configure the ApplicationCookie as desired. To change the time span you do something like
services.AddIdentity<ApplicationUser, IdentityRole>(options => {
options.Cookies.ApplicationCookie.ExpireTimeSpan = TimeSpan.FromHours(1);
});
ExpireTimeSpan 属性仅在调用 HttpContext.Authentication.SignInAsync 我们传入 AuthenticationProperties 的实例时使用 与 IsPersistent 设置为 true.
The ExpireTimeSpan property is only used if when calling HttpContext.Authentication.SignInAsync we pass in an instance of AuthenticationProperties with IsPersistent set to true.
仅使用 Cookie 身份验证中间件进行尝试,结果证明这是可行的:如果我们在没有此选项的情况下登录,我们会得到一个持续会话的 cookie,如果我们将它一起发送,我们会得到一个持续我们的 cookie配置中间件时设置.
Trying out just with the Cookie Authentication Middleware it turns out that this works: if we just sign in without this option, we get a cookie that lasts for the session, if we send this together we get a cookie which lasts what we setup when configuring the middleware.
使用 ASP.NET Identity 的方法是传递 PasswordSignInAsync 的参数 isPersistent,其值为 true.这最终是对 HttpContext 的 SignInAsync 的调用,传入 AuthenticationProperties 并将 IsPersistent 设置为 true.电话最终是这样的:
With ASP.NET Identity the way to do is pass the parameter isPersistent of the PasswordSignInAsync with value true. This ends up being a call to SignInAsync of the HttpContext passing in the AuthenticationProperties with the IsPersistent set to true. The call ends up being something like:
var result = await _signInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, lockoutOnFailure: false);
RememberMe 用于配置我们将 IsPersistent 设置为 true 还是 false.
Where the RememberMe is what configures if we are setting IsPersistent to true or false.
这篇关于ASP.NET Core MVC:设置身份 cookie 过期的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
