ASP.NET Core 2.0 - User is logged out within an hour

Problem description Votes: 0 Answers: 1

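A few days ago I published my code to a "production" environment, just for testing purposes. So the website I have been developing is online. The problem is, no matter what changes I make to the cookie settings.

I tried changing sliding expiration to true and false, both using: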

        options.ExpireTimeSpan = TimeSpan.FromDays(30);                
        options.Cookie.Expiration = TimeSpan.FromDays(30);

The expiration was also set to 1 year. Everything seems to be working.

This is my Startup.cs setup:

public void ConfigureServices(IServiceCollection services)
        {
            services.Configure<ForwardedHeadersOptions>(options =>
            {
                options.ForwardedHeaders = ForwardedHeaders.All;
                options.RequireHeaderSymmetry = false;
            });

            services.AddDbContext<IdentityDataContext>();

            services.AddIdentity<PinchilaIdentityUser, IdentityRole>()
                .AddEntityFrameworkStores<IdentityDataContext>()
                .AddUserManager<PinchilaUserManager>()
                .AddDefaultTokenProviders();
            services.Configure<SecurityStampValidatorOptions>(options => options.ValidationInterval = TimeSpan.FromSeconds(10));
            services.AddAuthentication()
                .Services.ConfigureApplicationCookie(options =>
                {
                    options.SlidingExpiration = true;
                    options.ExpireTimeSpan = TimeSpan.FromMinutes(30);
                });

            // COOKIE
            services.ConfigureApplicationCookie(options => {
                if (!String.IsNullOrEmpty(PinchilaSettings.Instance.CookieDomain))
                {
                    options.Cookie.Domain = PinchilaSettings.Instance.CookieDomain;
                }
                if (!String.IsNullOrEmpty(PinchilaSettings.Instance.CookieName))
                {
                    options.Cookie.Name = PinchilaSettings.Instance.CookieName;
                }
                options.AccessDeniedPath = new PathString("/error/default");
                options.ExpireTimeSpan = TimeSpan.FromDays(30);
                options.Cookie.Expiration = TimeSpan.FromDays(30);
            });

            var mvcBuilder = services.AddMvc();

            services.Configure<RazorViewEngineOptions>(options => {
                options.ViewLocationExpanders.Add(new ViewLocationExpander());
            });

            mvcBuilder.AddMvcOptions(o => {
                o.Filters.Add(typeof(GlobalExceptionFilter));
                o.Filters.Add(typeof(RuntimeStateFilter));
                o.Filters.Add(typeof(RouteLoggerFilter));
            });

            services.AddAntiforgery(options => {
                options.HeaderName = Utilities.CONSTANTS.REQUEST_VERIFICATION_HEADER_NAME;
                options.FormFieldName = Utilities.CONSTANTS.REQUEST_VERIFICATION_HEADER_NAME;
            });


            services.AddScoped<IViewRenderService, ViewRenderService>();
            services.AddLogging(loggingBuilder =>
            {
                var filter = new LoggingFilter();
                loggingBuilder.AddFilter(filter.Filter);
            });
        }

This is the login part from my AccountController:

[HttpPost]
[AllowAnonymous]
[PinchilaValidateAntiForgeryToken]
public async Task<ActionResult> Login(LoginViewModel model, string returnUrl)
{
    ViewData["ReturnUrl"] = returnUrl;
    if (ModelState.IsValid)
    {
        model.UserName = model.UserName.TrimSafe();
        model.Password = model.Password.TrimSafe();
        var user = await _userManager.FindByNameAsync(model.UserName);
        if (user != null)
        {
            var result = await _signInManager.PasswordSignInAsync(user, model.Password, model.RememberMe, lockoutOnFailure: true);
            if (result.Succeeded)
            {

                var cookie = HttpContext.Request.Cookies["theme"];
                if (cookie != null && !String.IsNullOrEmpty(cookie))
                {
                    Response.Cookies.Append("theme", "", new Microsoft.AspNetCore.Http.CookieOptions() { Expires = DateTime.UtcNow.AddDays(30) });
                }

                return RedirectToLocal(returnUrl);
            }
            if (result.IsLockedOut)
            {
                ModelState.AddModelError(string.Empty, "This account has been locked out for security reasons. Try again later.");
                return View(model);
            }
            else
            {
                ModelState.AddModelError(string.Empty, "Invalid login attempt");
                return View(model);
            }
        }
        else
        {
            ModelState.AddModelError(string.Empty, "Invalid login attempt");
        }
    }

    return View(model);

}

If you guys could give me some different points of view, I would be very grateful.

Edit: This is what the cookie looks like in the Chrome console: [image]

asp.net-core asp.net-core-mvc asp.net-core-2.0 session-cookies
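1 answer
0
votes

Thanks to @TiagoBrenck's comment I started looking for the answer on the server side.

I found this post. Look at @dantey89's answer. It fixed my problem.

Basically, inside startup.cs, in the ConfigureServices method, you need to put this: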

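    // Requires: using System.IO; using Microsoft.AspNetCore.DataProtection;
    public void ConfigureServices(IServiceCollection services)
    {
        var environment = services.BuildServiceProvider().GetRequiredService<IHostingEnvironment>();

        // Persist the Data Protection key ring to disk so the keys survive application restarts.
        services.AddDataProtection()
                .SetApplicationName($"my-app-{environment.EnvironmentName}")
                .PersistKeysToFileSystem(new DirectoryInfo($@"{environment.ContentRootPath}\keys"));

        ...
    }

This will create a folder. It needs permissions from the application pool or there will be a 500 error.

Hope this helps someone.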
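Why persisting the key ring stops the logouts, as an added example that is not part of the original question or answer: the authentication cookie is encrypted with Data Protection keys, so a ticket issued before a restart can only be read afterwards if the same keys and application name are still available. The sketch assumes the Microsoft.AspNetCore.DataProtection.Extensions package; `EphemeralDataProtectionProvider` stands in for a key ring that lives only in memory, and the purpose string, payload and key folder are constructed for the demo.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using Microsoft.AspNetCore.DataProtection;

static class KeyRingRestartDemo
{
    // Constructed purpose string and payload; the cookie middleware uses its own.
    const string Purpose = "demo-auth-ticket";
    const string Payload = "user=alice";

    // Protects a payload with the provider from the first "process start" and
    // tries to read it back with the provider from the second one.
    static bool ReadableAfterRestart(Func<IDataProtectionProvider> firstStart,
                                     Func<IDataProtectionProvider> secondStart)
    {
        string ticket = firstStart().CreateProtector(Purpose).Protect(Payload);
        try
        {
            return secondStart().CreateProtector(Purpose).Unprotect(ticket) == Payload;
        }
        catch (CryptographicException)
        {
            // Same failure the cookie handler hits: the ticket is rejected
            // and the user is treated as signed out.
            return false;
        }
    }

    static void Main()
    {
        // Constructed key folder; the answer uses {ContentRootPath}\keys.
        var keyDir = new DirectoryInfo(Path.Combine(Path.GetTempPath(), "dp-demo-keys"));

        Func<IDataProtectionProvider> inMemory = () => new EphemeralDataProtectionProvider();
        Func<IDataProtectionProvider> persisted = () =>
            DataProtectionProvider.Create(keyDir, b => b.SetApplicationName("my-app-Production"));
        Func<IDataProtectionProvider> otherName = () =>
            DataProtectionProvider.Create(keyDir, b => b.SetApplicationName("my-app-Staging"));

        Console.WriteLine($"in-memory keys, restart:        {ReadableAfterRestart(inMemory, inMemory)}");
        Console.WriteLine($"persisted keys, restart:        {ReadableAfterRestart(persisted, persisted)}");
        Console.WriteLine($"persisted keys, different name: {ReadableAfterRestart(persisted, otherName)}");
    }
}
```

Because the key files can decrypt every authentication cookie the site issues, the key folder should be readable and writable only by the application pool identity.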
