如何设置asp.net标识cookie到期时间

问题描述 投票:23回答:3

我使用Asp.Net Identity来控制我的应用程序的授权。现在,我需要这样做:如果用户在30分钟内没有操作,请跳转到登录页面,当他登录时不选择“isPersistent”复选框。并且,如果他选择“isPersistent”复选框,请将Cookie的到期日期设置为14天。我尝试通过像这样更改Startup.Auth.cs来做到这一点:

public void ConfigureAuth(IAppBuilder app)
{
    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
        LoginPath = new PathString("/Account/Login"),
        SlidingExpiration = true,
        CookieName = WebHelpers.ConstStrings.AUTHCOOKIESNAME
    });
}

和SignIn代码如下:

private async Task SignInAsync(User user, bool isPersistent)
{
    AuthenticationManager.SignOut(DefaultAuthenticationTypes.ExternalCookie);
    var identity = await UserManager.CreateIdentityAsync(user, DefaultAuthenticationTypes.ApplicationCookie);
    if (isPersistent)
    {
        AuthenticationManager.SignIn(new AuthenticationProperties() { IsPersistent = isPersistent }, identity);
    }
    else
    {
        AuthenticationManager.SignIn(new AuthenticationProperties() { ExpiresUtc = new DateTimeOffset(DateTime.UtcNow.AddMinutes(30)) }, identity);
    }
}

但是我发现当用户没有选择isPersistent复选框时,cookies的到期日期已经是“会话”,而不是当前时间加上30分钟。

enter image description here

使用像之后的代码时的cookie状态,所以'记住我'复选框无法正常工作。:(。

        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Account/Login"),
            ExpireTimeSpan = TimeSpan.FromMinutes(30),
            SlidingExpiration = true,
            CookieName = WebHelpers.ConstStrings.AUTHCOOKIESNAME
        });

enter image description here

c# asp.net cookies asp.net-identity
3个回答
36
投票

如果IsPersistentAuthenticationProperties属性设置为false,则cookie到期时间设置为Session。

如果选中复选框“记住我”,那么AuthenticationManager.SignIn(new AuthenticationProperties{ IsPersistent = true }, userIdentity);将创建一个cookie,其有效期等于你在ExpireTimeSpan中设置的Startup.cs(默认为14天)。

如果未选中复选框“记住我”,则必须使用AuthenticationManager.SignIn(new AuthenticationProperties{ IsPersistent = true, ExpiresUtc = DateTimeOffset.UtcNow.AddMinutes(30)}, userIdentity);。再次IsPersistent设置为true但现在我们给ExpiresUtc一个值,所以它不使用来自CookieAuthenticationOptionsStartup.cs

public override async Task SignInAsync(ApplicationUser user, bool isPersistent, bool rememberBrowser)
{
    var userIdentity = await CreateUserIdentityAsync(user).WithCurrentCulture();
    // Clear any partial cookies from external or two factor partial sign ins
    AuthenticationManager.SignOut(DefaultAuthenticationTypes.ExternalCookie, DefaultAuthenticationTypes.TwoFactorCookie);
    if (rememberBrowser)
    {
        var rememberBrowserIdentity = AuthenticationManager.CreateTwoFactorRememberBrowserIdentity(ConvertIdToString(user.Id));
        AuthenticationManager.SignIn(new AuthenticationProperties { IsPersistent = isPersistent }, userIdentity, rememberBrowserIdentity);
    }
    else
    {
        //AuthenticationManager.SignIn(new AuthenticationProperties { IsPersistent = isPersistent }, userIdentity);
        if (isPersistent)
        {
            AuthenticationManager.SignIn(new AuthenticationProperties { IsPersistent = true }, userIdentity);
        }
        else
        {
            AuthenticationManager.SignIn(new AuthenticationProperties { IsPersistent = true, ExpiresUtc = DateTimeOffset.UtcNow.AddMinutes(30) }, userIdentity);
        }        
    }
}
7
投票

用这个...

public void ConfigureAuth(IAppBuilder app)
{
  app.UseCookieAuthentication(new CookieAuthenticationOptions
  {
      ExpireTimeSpan = TimeSpan.FromHours(1),
  });            
}
1
投票

我有同样的问题,这个代码适用于我(在Startup.cs文件内)..

services.Configure<IdentityOptions>(options =>
{
    options.Cookies.ApplicationCookie.ExpireTimeSpan = TimeSpan.FromDays(9999);
});

这为持久性cookie增加了大约27年(或永不过期)。

注意:如果你想要更少的到期时间,你可以使用TimeSpan.FromMinutes(1); 1分钟或TimeSpan.FromSeconds(30); 30秒等。

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.