Identity Server 3用户会话生存期 [英] Identity Server 3 User Session Lifetime

问题描述

我正在使用身份服务器3保护Web应用程序的安全.我的应用程序分为2个oidc客户端:ASP.Net MVC客户端和使用oidc-client javascript库的javascript(角)客户端.

I'm securing a web app with identity server 3. My app is split into 2 oidc clients a ASP.Net MVC client and a javascript(angular) client which uses the oidc-client javascript library.

当用户首次访问该Web应用程序时，我们将重定向以登录到身份服务器，该身份服务器将登录mvc客户端.然后，使用oidc-library中的静默登录功能登录javascript客户端.

When a user first visits the web app we redirect for log in to identity server, which logs in the mvc client. The javascript client is then logged in using the silent login feature from the oidc-library.

我想控制用户访问登录页面以再次登录的频率，并且我希望对此进行设置，以使用户必须每天或每8小时访问一次登录页面.

I would like to control how often the user has to visit the logon page to sign in again and I would like to set this so that users have to visit the logon page either once a day or every 8 hours.

身份服务器中是否有一个设置可以控制用户会话的活动时间，而无需再次登录.

Is there a setting in identity server that controls how long the user session is active without having to sign in again.

我已经搜索了文档，并找到了许多Lifetime设置，但不清楚我应该使用其中哪些设置，到目前为止尚无法试用&错误尚未产生任何结果.

I have searched the docs and found a number of Lifetime settings but its not clear which of these I should be using and so far trial & error hasn't yielded any results.

推荐答案

您要控制的是IdentityServer本身存在的cookie的生存期.一旦该Cookie过期，下一次客户端应用程序之一需要再次进行身份验证时，用户将需要重新输入其凭据.

What you are looking to control is the lifetime for the cookie IdentityServer itself issues. Once this cookie expires, the next time one of the client applications need to authenticate again, the user will need to reenter their credentials.

此Cookie的生存期由IdentityServerOptions的AuthenticationOptions中的CookieOption控制(见下文)，并且默认为10小时.

This cookie lifetime is controlled in the CookieOption found in the AuthenticationOptions of the IdentityServerOptions (see below) and defaults to 10 hours.

var options = new IdentityServerOptions
{
    Factory = factory,
    SigningCertificate = Cert.Load(),
    AuthenticationOptions = new AuthenticationOptions
    {
        CookieOptions = new IdentityServer3.Core.Configuration.CookieOptions
        {
            ExpireTimeSpan = TimeSpan.FromHours(24)
        }
    }
};

这篇关于Identity Server 3用户会话生存期的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！