i具有带有AspnetIdentity的IdentityServer4,它正在工作,但在服务器上重新启动应用程序将用户重定向到再次签名。
services.AddIdentityServer(options =>
{
options.Events.RaiseSuccessEvents = true;
options.Events.RaiseFailureEvents = true;
options.Events.RaiseErrorEvents = true;
//options.Authentication.CookieLifetime = TimeSpan.FromSeconds(30);
options.Authentication.CookieLifetime = TimeSpan.FromMinutes(20);
}).AddSigningCredential(cert)
//.AddInMemoryIdentityResources(Config.GetIdentityResources())
//.AddInMemoryApiResources(Config.GetApiResources())
//.AddInMemoryClients(Config.GetClients())
//.AddTestUsers(Config.GetUsers());
.AddConfigurationStore(builder =>
builder.UseSqlServer(connectionString, options =>
options.MigrationsAssembly(migrationsAssembly)))
.AddOperationalStore(builder =>
builder.UseSqlServer(connectionString, options =>
options.MigrationsAssembly(migrationsAssembly)))
.AddAspNetIdentity<ApplicationUser>()
.AddProfileService<ProfileService>();
使用访问令牌,我没有任何问题,因为它以cookie格式的客户端浏览器。无论服务器是否重新启动仍然允许。
但是ID_Token是相同的情况,但是当请求转到IDMSRV端点连接/授权时,它使用户再次登录。
坚持磁盘的密钥而不是在内存中,因此当cookie返回服务器以使用键解密时,它将具有一个键。
//参考https://learn.microsoft.com/en-us/aspnet/core/security/data-protection/implementation/key-storage-providers
//参考持续键http://www.tugberkugurlu.com/archive/asp-net-core-authentication-in-a-a-a-load-balanced-environment-with-haproxy-and-endis-and-rect-haproxy-and-redis
services.AddDataProtection() //Microsoft.AspNetCore.DataProtection.Redis package
.PersistKeysToFileSystem(new DirectoryInfo("F:\Jana\Certs\Keys\"));