ASP.NET 1.0的核心 - MVC 6 - Cookie有效期 [英] ASP.NET Core 1.0 - MVC 6 - Cookie Expiration
问题描述
更新:
这绝对不是在RC1的错误。该cookie设置与默认的UserManager和UserStore工作,所以它必须是事涉及到我的UserManager / UserStore,我监督。我基本上是在这里使用的实现:
https://github.com/jesblit/ASPNET5-FormAuthenticationLDAP
It is definitely not a bug in RC1. The cookie settings are working with the default UserManager and UserStore, so it must be something related to my UserManager/UserStore, I've overseen. I basically use the implementation here: https://github.com/jesblit/ASPNET5-FormAuthenticationLDAP
原贴:
我有持续登录的问题。不管我怎么配置的cookie,30分钟后,该用户将自动注销(不管用户多少与应用程序交互)。
I have a problem with persistent logins. No matter how I configure the cookie, after 30 minutes, the User is automatically logged out (no matter how much the user interacts with the App).
我安装我的应用程序:
public void ConfigureServices(IServiceCollection services)
{
services.AddCaching();
services.AddSession(options => {
options.IdleTimeout = TimeSpan.FromDays(1);
options.CookieName = ".MySessionCookieName";
});
services.AddEntityFramework()
.AddNpgsql()
.AddDbContext<Model1>(options =>
options.UseNpgsql(Configuration["Data:DefaultConnection:ConnectionString"]));
services.AddIdentity<MinervaUser, MinervaRole>(options => {
options.Cookies.ApplicationCookie.ExpireTimeSpan = TimeSpan.FromDays(1);
options.Cookies.ApplicationCookie.SlidingExpiration = true;
options.Cookies.ApplicationCookie.AutomaticAuthenticate = true;
})
.AddUserStore<MinervaUserStore<MinervaUser>>()
.AddRoleStore<MinervaRoleStore<MinervaRole>>()
.AddUserManager<MinervaUserManager>();
services.AddMvc();
}
和
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
loggerFactory.AddConsole(Configuration.GetSection("Logging"));
loggerFactory.AddDebug();
if (env.IsDevelopment())
{
app.UseBrowserLink();
app.UseDeveloperExceptionPage();
app.UseDatabaseErrorPage();
}
else
{
app.UseExceptionHandler("/Home/Error");
try
{
using (var serviceScope = app.ApplicationServices.GetRequiredService<IServiceScopeFactory>()
.CreateScope())
{
}
}
catch { }
}
app.UseIISPlatformHandler(options => { options.AuthenticationDescriptions.Clear(); options.AutomaticAuthentication = true; });
app.UseSession();
app.UseIdentity();
app.UseStaticFiles();
app.UseMvc(routes =>
{
routes.MapRoute(
name: "default",
template: "{controller=Home}/{action=Index}/{id?}");
});
}
登录操作是:
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public async Task<IActionResult> Login(LoginViewModel model, string returnUrl = null)
{
ViewData["ReturnUrl"] = returnUrl;
if (ModelState.IsValid)
{
var result = await _signInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, lockoutOnFailure: false);
if (result.Succeeded)
{
_logger.LogInformation(1, "User logged in.");
return RedirectToLocal(returnUrl);
}
...
我使用的是默认SignInManager。至于说,过期超时我Startup.Configure设置和Startup.ConfigureServices没有任何效果可言。登录 - > 30分钟 - >自动注销:(
I am using the default SignInManager. As said, the Expiration Timeouts I set in Startup.Configure and Startup.ConfigureServices have no effect at all. Login -> 30mins -> automatically logged out :(
怎样做才能延长这个时间段?
What to do to extend this time period?
(BTW:自定义用户,的UserManager,UserStore不以任何方式德饼干干扰,他们只是验证凭据(他们应该是什么;)))
(btw: the custom User, UserManager, UserStore don't interfere with teh Cookie in any way, they "just" validate the credentials (what they're supposed to ;) ))
推荐答案
TL; DR:如果您有一个自定义的用户管理器时,一定要落实GetSecurityStampAsync,UpdateSecurityStampAsync并设置SupportsUserSecurityStamp为true
TL;DR: If you have a custom user manager, be sure to implement GetSecurityStampAsync, UpdateSecurityStampAsync and set SupportsUserSecurityStamp to true.
解决这个问题的解决方案是pretty简单(但我没有在文档中发现的任何地方)。作为默认实现(创建新的ASP应用MVC6 ...)的作品,我检查自己的数据库表,发现安全标志(我没有实现)。根据该回答这个问题<一href=\"https://stackoverflow.com/questions/19487322/what-is-asp-net-identitys-iusersecuritystampstoretuser-interface\">What是ASP.NET身份的IUserSecurityStampStore&LT;&TUSER GT;接口?这邮票每30分钟,这令人惊讶的适合我的问题重新验证。所以,我所做的只是延长我自己的UserManager以
The solution to this is pretty simple (but I haven't found it anywhere in the docs). As the default implementation (Create new ASP MVC6 App...) works, I checked their DB tables and found the security stamp (which I didn't implement). According to the Answer to this question What is ASP.NET Identity's IUserSecurityStampStore<TUser> interface? this stamp is revalidated every 30 minutes, which surprisingly fits to my problem. So, all I did was extending my own UserManager with
public class MinervaUserManager:UserManager<MinervaUser>
// Minerva being the name of the project
{
...
public override bool SupportsUserSecurityStamp
{
get
{
return true;
}
}
public override async Task<string> GetSecurityStampAsync(MinervaUser user)
{
// Todo: Implement something useful here!
return "Token";
}
public override async Task<IdentityResult> UpdateSecurityStampAsync(MinervaUser user)
{
// Todo: Implement something useful here!
return IdentityResult.Success;
}
这些假人总是返回每次更新相同SecurityStamp和成功。这是因为没有在所有位prevents注销的SecurityStamps安全。
These dummies always return the same SecurityStamp and "Success" on every Update. This is as secure as not having the SecurityStamps at all bit prevents the logout.
这篇关于ASP.NET 1.0的核心 - MVC 6 - Cookie有效期的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!