IdentityServer4 how to set server cookie expiration

Problem description

So far I've seen how to set expiration for the client webapp's cookie (thank you v0id): IdentityServer4 cookie expiration

There are actually two cookies used by IdentityServer4 - the client cookie and server cookie ("idsrv").

If I set the client cookie expiration as given here: IdentityServer4 cookie expiration then when I close the browser and go back to a client webapp page where I need to be authorized, I get access denied because the browser session no longer has the server cookie.

So I need a way to set the "idsrv" cookie expiration to be the same as the client.

Currently, the best way I see to set the server cookie (it is being ignored or dropped somehow) is the following code block in the IdentityServer4 host Startup.cs / ConfigureServices() method:

services.AddIdentityServer(options =>
{
    options.Authentication.CookieLifetime = new TimeSpan(365, 0, 0, 0);
    options.Authentication.CookieSlidingExpiration = true;
})

That should set the cookie's expiration to one year later. However, in Chrome developer tools under the Application tab, cookies, I see that it still has an expired expiration default date in 1969.

I downloaded the IdentityServer4 project source, removed the nuget package, and added the source project to my solution so I could debug through it.

I see that it gets the expiration I gave it in the ConfigureInternalCookieOptions.cs / Configure() method. It's matching the DefaultCookieAuthenticationScheme inside as well / applying the properties. I haven't found anything specific to IdentityServer that would ignore the expiration date I've set, but it still has the 1969 expiration.

EDIT: I've attempted to set the cookie persistent in the IdentityServer host's AccountController as follows (interestingly enough, Microsoft has a good article around using AuthenticationProperties without using AspNet Identity here: https://docs.microsoft.com/en-us/aspnet/core/security/authentication/cookie?tabs=aspnetcore2x - it is sending information in a cookie, "scheme" is just the cookie name). In the ExternalLoginCallback():

if (id_token != null)
{
    props = new AuthenticationProperties();
    props.ExpiresUtc = DateTimeOffset.UtcNow.Add(AccountOptions.RememberMeLoginDuration);
    props.IsPersistent = true;
    props.StoreTokens(new[] { new AuthenticationToken { Name = "id_token", Value = id_token } });
}

None of the server side cookies have their expiration set (the AccountOptions RememberMeLoginDuration is also set to 365 days). Both "idsrv" and "idsrv.session" still have a 1969 expiration.

Recommended answer

You can configure Identity Server's authentication cookie lifetime when you register Identity Server in your Startup.cs, like this:

services.AddIdentityServer(options =>
{
    options.Authentication.CookieLifetime = TimeSpan.FromHours(10);
})

Note: you also need to indicate that the cookie should be persistent when logging the user in. If you're using the Quickstart UI, then you have to tick the "Remember me" checkbox on the login screen to get a persistent cookie. Or you can modify the code to always issue a persistent cookie - something like this:

await HttpContext.SignInAsync(subject, name, new AuthenticationProperties { IsPersistent = true });
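
A way to check that the change above took effect, added here as an example (it is not part of the original answer or of IdentityServer4): it reads the Set-Cookie header values from the login response and reports whether each cookie is a session cookie or a persistent one whose lifetime matches the configured CookieLifetime. The header strings are constructed samples and the function names are hypothetical; it assumes the 1969 date in the question is how DevTools displayed a cookie sent without Expires or Max-Age.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, attributes); attribute keys lowercased."""
    first, *rest = [part.strip() for part in header.split(";")]
    name = first.partition("=")[0]
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name, attrs

def lifetime(attrs, now):
    """None means a session cookie; otherwise the time left until the browser drops it."""
    if "max-age" in attrs:  # Max-Age takes precedence over Expires (RFC 6265)
        return timedelta(seconds=int(attrs["max-age"]))
    if "expires" in attrs:
        return parsedate_to_datetime(attrs["expires"]) - now
    return None

def audit(headers, now, expected, tolerance=timedelta(minutes=5)):
    """Map cookie name -> (status, security flags missing on a persistent cookie)."""
    report = {}
    for header in headers:
        name, attrs = parse_set_cookie(header)
        left = lifetime(attrs, now)
        if left is None:
            report[name] = ("session", [])
            continue
        status = "persistent-ok" if abs(left - expected) <= tolerance else "persistent-mismatch"
        missing = [flag for flag in ("secure", "httponly") if flag not in attrs]
        report[name] = (status, missing)
    return report

# Constructed sample headers, not captured from a real IdentityServer4 host.
NOW = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
SIGNED_IN_WITHOUT_PERSIST = [
    "idsrv=CfDJ8-constructed; path=/; secure; samesite=none; httponly",
    "idsrv.session=constructed-session-id; path=/; secure; samesite=none",
]
SIGNED_IN_WITH_PERSIST = [
    "idsrv=CfDJ8-constructed; expires=Mon, 01 Jan 2024 22:00:00 GMT; path=/; secure; samesite=none; httponly",
]

if __name__ == "__main__":
    expected = timedelta(hours=10)  # CookieLifetime = TimeSpan.FromHours(10) from the answer
    for label, sample in (("IsPersistent not set", SIGNED_IN_WITHOUT_PERSIST),
                          ("IsPersistent = true", SIGNED_IN_WITH_PERSIST)):
        print(label, audit(sample, NOW, expected))
```

A "persistent-mismatch" result means the cookie is persistent but its lifetime differs from the value passed as expected, for example when ExpiresUtc set at sign-in overrides the configured lifetime.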
