即使使用Identity ASP.NET MVC框架关闭了浏览器,如何保持用户登录? [英] How can keep the user logged in even after the browser has closed with Identity ASP.NET MVC framework?
问题描述
当前,每次用户浏览器关闭时,他/她将不得不再次登录.
当他们登录时,这是我用来在Identity中对其进行签名的代码.
SignInManager.SignIn(user, false, false);
这是今天配置我的身份验证的方式
public void ConfigureAuth(IAppBuilder app)
{
app.CreatePerOwinContext(ApplicationDbContext.Create);
app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
app.CreatePerOwinContext<ApplicationSignInManager>(ApplicationSignInManager.Create);
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = "SomeCustomName",
LoginPath = new PathString("/Account/Login"),
Provider = new CookieAuthenticationProvider
{
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
validateInterval: TimeSpan.FromMinutes(60),
regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
},
SlidingExpiration = false,
ExpireTimeSpan = TimeSpan.FromMinutes(60)
});
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(3));
app.UseTwoFactorRememberBrowserCookie(DefaultAuthenticationTypes.TwoFactorRememberBrowserCookie);
}
即使他/她关闭了浏览器,如何保持使用状态登录60分钟?
您应该进行2次更改.
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
SlidingExpiration = true,
您要使用cookie,以便将cookie保留在浏览器中,并且如果以后再次打开该网站可以重新读取.您还希望滑动到期时间,以使每个请求都可以延长Cookie的生存期,否则,从首次发出Cookie的时间起60分钟后,用户将不得不重新进行身份验证.
支持文档:
最后,登录调用应为第二个参数传递true.只有在使用2因子身份验证时,第三个参数才有意义.
SignInManager.SignIn(user, true, false);
旁注
为了安全起见,还可以设置选项CookieHttpOnly = true以确保脚本/客户端代码无法访问cookie,这不是一个坏主意.
Currently, each time the user browser closes, he/she will have to login again.
When they login, this is the code that I use to sign them in Identity.
SignInManager.SignIn(user, false, false);
Here is how my Authentication is configured today
public void ConfigureAuth(IAppBuilder app)
{
app.CreatePerOwinContext(ApplicationDbContext.Create);
app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
app.CreatePerOwinContext<ApplicationSignInManager>(ApplicationSignInManager.Create);
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = "SomeCustomName",
LoginPath = new PathString("/Account/Login"),
Provider = new CookieAuthenticationProvider
{
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
validateInterval: TimeSpan.FromMinutes(60),
regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
},
SlidingExpiration = false,
ExpireTimeSpan = TimeSpan.FromMinutes(60)
});
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(3));
app.UseTwoFactorRememberBrowserCookie(DefaultAuthenticationTypes.TwoFactorRememberBrowserCookie);
}
How can I keep the use logged in for 60 minutes even if he/she closed the browser?
You should make 2 changes.
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
SlidingExpiration = true,
You want to use a cookie so that it is persisted in the browser and can be re-read if the web site is opened again later. You also want to slide the expiration so that way each request will extend the lifetime of the cookie, otherwise the user will have to re-authenticate after 60 minutes from the first time the cookie is issued.
Supporting documentation:
Finally the call to sign in should pass true for the 2nd parameter. The 3rd parameter is only relevant if you are using 2 factor authentication.
SignInManager.SignIn(user, true, false);
Side note
For security it is not a bad idea to also set option CookieHttpOnly = true which ensures that the cookie cannot be accessed by scripts/client side code.
这篇关于即使使用Identity ASP.NET MVC框架关闭了浏览器,如何保持用户登录?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
