我正在使用 microsoft asp.net 身份的自定义实现,因为我有自定义表,这就是为什么我给出了所有方法的自定义实现IUserStore 和 IUserPasswordStore.
问题是当用户登录时,10 - 15 分钟后登录用户
会话过期,但我想要的是除非用户注销我想要
保持用户登录系统。
Code:
public partial class Startup
{
public void ConfigureAuth(IAppBuilder app)
{
app.CreatePerOwinContext(ApplicationDbContext.Create);
app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
app.CreatePerOwinContext<ApplicationSignInManager>(ApplicationSignInManager.Create);
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
Provider = new CookieAuthenticationProvider
{
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
validateInterval: TimeSpan.FromMinutes(30),
regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
}
});
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(5));
}
}
账户控制器:
[Authorize]
public class AccountController : Controller
{
public AccountController()
: this(new UserManager<UserModel>(new UserStore()))
{
}
public AccountController(UserManager<UserModel> userManager)
{
UserManager = userManager;
}
public UserManager<UserModel> UserManager { get; private set; }
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public async Task<ActionResult> Login(string email, string password, bool rememberMe = false, string returnUrl = null)
{
if (ModelState.IsValid)
{
var user = UserManager.Find(email, password);
if (user != null)
{
await SignInAsync(user, rememberMe);
return RedirectToLocal(returnUrl);
}
else
{
ModelState.AddModelError("", "Invalid username or password.");
}
}
return View();
}
private async Task SignInAsync(UserModel user, bool isPersistent)
{
var identity = await UserManager.CreateIdentityAsync(user, DefaultAuthenticationTypes.ApplicationCookie);
identity.AddClaim(new Claim("FullName", user.FirstName + " " + user.LastName));
identity.AddClaim(new Claim("Email", user.Email));
identity.AddClaim(new Claim("Role", user.Role));
AuthenticationManager.SignIn(new AuthenticationProperties() { IsPersistent = isPersistent, ExpiresUtc = DateTime.UtcNow.AddDays(7) }, identity);
}
private IAuthenticationManager AuthenticationManager
{
get
{
return HttpContext.GetOwinContext().Authentication;
}
}
}
网页配置:
<system.web>
<authentication mode="None" />
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" />
</system.web>
<system.webServer>
<modules>
<remove name="FormsAuthentication" />
</modules>
</system.webServer>
现在,在下面的行中,我给出了 7 天的到期时间,但会话仍然会在 10 - 15 分钟内到期:
AuthenticationManager.SignIn(new AuthenticationProperties() { IsPersistent = isPersistent, ExpiresUtc = DateTime.UtcNow.AddDays(7) }, identity);
在我的下面的问题中,您会找到我的UserModel,自定义UserStore类但为了保持这个问题较小,我不会将该代码放在这里:
用户模型和用户存储 https://stackoverflow.com/questions/39275597/how-to-give-custom-implementation-of-updateasync-method-of-asp-net-identity
Update: 我已经完全排除了应用程序用户类所以现在下面的代码对我来说毫无用处,我想因为这个我的cookie会过期(我仍然不确定):
public void ConfigureAuth(IAppBuilder app)
{
app.CreatePerOwinContext(ApplicationDbContext.Create);
app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
app.CreatePerOwinContext<ApplicationSignInManager>(ApplicationSignInManager.Create);
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
Provider = new CookieAuthenticationProvider
{
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
validateInterval: TimeSpan.FromMinutes(30),
regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
}
});
}
注意:**保持会话长时间处于活动状态的原因是因为我的 mvc 应用程序是角度驱动的,例如 Http get 调用、Http post 调用,因此当用户会话过期并且我尝试任何 **get 或 post 时调用然后在会话过期的情况下什么也不会发生,但是当我刷新整个页面时,用户将被重定向到登录页面,但在此之前,如果用户不刷新页面,用户将如何知道发生了什么。