Question
I have an ASP.NET Core 3.1 application with Identity running on local IIS. It is configured as follows; as you can see, the cookie is configured to last 3 hours:
Startup.cs
public void ConfigureServices(IServiceCollection services)
{
    services.Configure<IdentityOptions>(options =>
    {
        options.Password.RequireDigit = true;
        options.Password.RequireNonAlphanumeric = true;
        options.Password.RequireUppercase = true;
        options.Password.RequireLowercase = true;
        options.Password.RequiredLength = 8;
    });
    services.ConfigureApplicationCookie(options =>
    {
        options.Cookie.MaxAge = TimeSpan.FromHours(3);
        options.Cookie.Name = "CookieNameBlaBlaBla";
        options.Cookie.HttpOnly = true;
        options.ExpireTimeSpan = TimeSpan.FromHours(3);
        options.LoginPath = new PathString("/login/login");
        options.AccessDeniedPath = new PathString("/login/AccessDenied");
        options.SlidingExpiration = true;
    });
}
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    app.UseAuthentication();
    app.UseAuthorization();
}
LoginController.cs
var result = await _signInManager.PasswordSignInAsync(formModel.Email, formModel.Password, true, lockoutOnFailure: false); // isPersistent forced to be TRUE
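The problem is that the application logs the user out after about 30 minutes, which should not happen.
I looked through Microsoft's Identity documentation but did not find anything wrong or missing.
Can anyone help me?
Solution
First, you have to follow this order: first AddSession(), then AddIdentity() or AddDefaultIdentity(), and then the configure methods.
Now I am using a session with a cookie.
Startup.cs example code: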
// First AddSession()
services.AddSession(options =>
{
    options.IdleTimeout = TimeSpan.FromMinutes(3);
    options.Cookie.MaxAge = TimeSpan.FromHours(3);
    options.Cookie.Name = "SessionNameBlaBlaBla";
    options.Cookie.HttpOnly = true;
    options.Cookie.Expiration = TimeSpan.FromHours(3);
});
// Then AddIdentity() or AddDefaultIdentity()
services.AddIdentity<User, UserRole>(options =>
{
    // Password settings.
    options.Password.RequireDigit = true;
    options.Password.RequireNonAlphanumeric = false;
    options.Password.RequireUppercase = false;
    options.Password.RequireLowercase = false;
    options.Password.RequiredLength = 6;
}).AddDefaultTokenProviders();
// And the configure methods
services.ConfigureApplicationCookie(options =>
{
    // Cookie settings
    options.Cookie.MaxAge = TimeSpan.FromHours(3);
    options.Cookie.Name = "CookieNameBlaBlaBla";
    options.Cookie.HttpOnly = true;
    options.LoginPath = new PathString("/login/login");
    options.AccessDeniedPath = new PathString("/login/AccessDenied");
    options.SlidingExpiration = true;
});
Thanks to @Deepak Mishra for helping me.
Because it relies on the session until you check "Remember Me?" (the IsPersistent parameter of PasswordSignInAsync)
var result = await _signInManager.PasswordSignInAsync(Input.Email, Input.Password, Input.RememberMe, lockoutOnFailure: true);
So either go for a persistent cookie or increase the session timeout.
services.AddSession(options =>
{
    options.IdleTimeout = TimeSpan.FromHours(3);
});
Also, according to MS Docs, must be in the call to AddIdentity or AddDefaultIdentity.
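To check on each request what lifetime the authentication ticket actually carries, and whether it was rejected before its expiry, the cookie validation event can be logged. This is an added example, not code from the posts above; the helper name AddAuthCookieLifetimeLogging and the logger category "AuthCookieLifetime" are hypothetical, and it assumes it is called in ConfigureServices after AddIdentity() or AddDefaultIdentity().

```csharp
using System;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;

public static class AuthCookieDiagnostics
{
    // Hypothetical helper: services.AddAuthCookieLifetimeLogging();
    // Call it after AddIdentity()/AddDefaultIdentity() so Identity's handler is captured below.
    public static IServiceCollection AddAuthCookieLifetimeLogging(this IServiceCollection services)
    {
        services.ConfigureApplicationCookie(options =>
        {
            // Identity already hooks OnValidatePrincipal (security stamp validation);
            // keep that handler and chain to it instead of replacing it.
            var previous = options.Events.OnValidatePrincipal;

            options.Events.OnValidatePrincipal = async context =>
            {
                var logger = context.HttpContext.RequestServices
                    .GetRequiredService<ILoggerFactory>()
                    .CreateLogger("AuthCookieLifetime"); // hypothetical category name

                var props = context.Properties;
                var userName = context.Principal?.Identity?.Name;

                // Lifetime stored inside the ticket, independent of any session cookie.
                logger.LogInformation(
                    "Auth ticket for {User}: issued {Issued:o}, expires {Expires:o}, " +
                    "persistent {Persistent}, remaining {Remaining}",
                    userName, props.IssuedUtc, props.ExpiresUtc, props.IsPersistent,
                    props.ExpiresUtc - DateTimeOffset.UtcNow);

                await previous(context);

                // RejectPrincipal() sets Principal to null: the ticket was refused
                // by a validator even though it had not yet expired.
                if (context.Principal == null)
                {
                    logger.LogWarning("Auth ticket for {User} rejected during validation", userName);
                }
            };
        });

        return services;
    }
}
```

Comparing the logged expiry with the time of the unexpected logout shows whether the ticket itself ran out, was rejected during validation, or was never presented because the browser dropped the cookie.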