Users are signed out every 10 to 20 minutes (claims authentication)



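For some reason, users are redirected back to login.microsoftonline.com almost every 10/20 minutes. This is annoying, because the code below is used for users who log in to a CMS.

Can anyone tell me what is wrong with the following code? Why are our users signed out / redirected back to login.microsoftonline.com? The session lifetime is set to 60 minutes, so it must be something with the authorization itself.

Should we use WsFederationAuthenticationDefaults.AuthenticationType, CookieAuthenticationDefaults.AuthenticationType or DefaultAuthenticationTypes.ApplicationCookie?

We want to allow users to log in using either a form (/account/inloggen) or a button named "Azure SSO" (which is an external login).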

    public void ConfigureAuth(IAppBuilder app)
    {
        // Configure the db context and user manager to use a single instance per request
        app.CreatePerOwinContext(ApplicationDbContext.Create);
        app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);

        // Enable the application to use a cookie to store information for the signed in user
        // and to use a cookie to temporarily store information about a user logging in with a third party login provider
        // Configure the sign in cookie
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/account/inloggen"),
            Provider = new CookieAuthenticationProvider
            {
                OnResponseSignIn = ctx =>
                {
                    ctx.Identity = TransformClaims(ctx.Identity);
                    ctx.Properties.ExpiresUtc = DateTimeOffset.UtcNow.AddDays(7.0);
                },
                OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                    validateInterval: TimeSpan.FromMinutes(30),
                    regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
            },
            ExpireTimeSpan = TimeSpan.FromDays(7.0),
            SlidingExpiration = true
        });

        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            Provider = new CookieAuthenticationProvider
            {
                OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                    validateInterval: TimeSpan.FromMinutes(30),
                    regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
            },
            ExpireTimeSpan = TimeSpan.FromDays(7.0),
            SlidingExpiration = true
        });

        app.UseWsFederationAuthentication(new WsFederationAuthenticationOptions
        {
            MetadataAddress = "https://login.microsoftonline.com/xxxxxxxxxxxxxx/federationmetadata.xml",
            Wtrealm = "https://portal.domain.com",
            Caption = "Azure SSO",
            SignInAsAuthenticationType = CookieAuthenticationDefaults.AuthenticationType,
            UseTokenLifetime = false,
            AuthenticationMode = AuthenticationMode.Passive
        });

        app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
    }

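When and why should we use this?

    app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

As you may have noticed, I am new to all of this. I have searched Stack Overflow and googled a lot of examples, but there is no clear answer/tutorial that explains the different authorization types, their properties and how they are used.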

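Your validateInterval: TimeSpan.FromMinutes(30) is set to 30 minutes.

validateInterval is not the same as the cookie expiring after a given time. For example, a user logs in at location A, then goes to location B, logs in and changes their password. They then return to location A after 30 minutes. They will be signed out.

The SecurityStampValidator is created when a password is created/changed or an external login is added/removed.

Source: http://www.jamessturtevant.com/posts/ASPNET-Identity-Cookie-Authentication-Timeouts/

Hope this helps.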
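
The timeline from the answer above, as an added example that is not part of the original thread or of the ASP.NET Identity source: a simplified model of the security-stamp check next to the cookie lifetime. The class names, stamp values and timestamps are constructed for illustration; the 30-minute interval and 7-day lifetime are taken from the question's configuration.

```csharp
using System;

// Simplified model (an assumption, not the Microsoft.AspNet.Identity source):
// the cookie carries the security stamp and its issue time; the server re-checks
// the stamp against the user store only once validateInterval has elapsed.
class AuthCookie
{
    public string Stamp;
    public DateTime IssuedUtc;
    public DateTime ExpiresUtc;
}

static class StampDemo
{
    static readonly TimeSpan ValidateInterval = TimeSpan.FromMinutes(30);
    static readonly TimeSpan ExpireTimeSpan = TimeSpan.FromDays(7);

    // Returns the cookie to keep using, or null when the user is signed out.
    public static AuthCookie Validate(AuthCookie cookie, string storedStamp, DateTime now)
    {
        if (cookie == null || now >= cookie.ExpiresUtc)
            return null;                      // cookie lifetime is over
        if (now - cookie.IssuedUtc < ValidateInterval)
            return cookie;                    // too early to re-check the stamp
        if (cookie.Stamp != storedStamp)
            return null;                      // stamp changed: identity rejected
        // Stamp still matches: identity is regenerated and a fresh cookie issued.
        return new AuthCookie { Stamp = storedStamp, IssuedUtc = now, ExpiresUtc = now + ExpireTimeSpan };
    }

    static string State(AuthCookie c) { return c != null ? "signed in" : "signed out"; }

    static void Main()
    {
        var t0 = new DateTime(2024, 1, 1, 9, 0, 0, DateTimeKind.Utc); // constructed timeline
        string stored = "stamp-1";                                    // constructed stamp value
        var a = new AuthCookie { Stamp = stored, IssuedUtc = t0, ExpiresUtc = t0 + ExpireTimeSpan };

        a = Validate(a, stored, t0.AddMinutes(45));   // location A, nothing changed
        Console.WriteLine("09:45 unchanged stamp  -> " + State(a));

        stored = "stamp-2";                           // password changed from location B
        a = Validate(a, stored, t0.AddMinutes(60));   // only 15 minutes since re-issue
        Console.WriteLine("10:00 inside interval  -> " + State(a));

        a = Validate(a, stored, t0.AddMinutes(80));   // interval elapsed, stamp re-checked
        Console.WriteLine("10:20 interval elapsed -> " + State(a));
    }
}
```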
