Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
925 views
in Technique[技术] by (71.8m points)

c# - Session logged out too soon

I'm using ASP.NET Core 2.1 with Microsoft Identity and users are complaining that they keep getting redirected to the login screen after only around 30 minutes of inactivity. I've set it up with 60 minutes in the ExpireTimeSpan, but it's never lasting anywhere near that long. Any suggestions?

This is what I have in the Startup.cs file:

public void ConfigureServices(IServiceCollection services)
{
    services.AddScoped<IRFDbRepository, RFDbRepository>();
    var connection = _configuration.GetConnectionString("RFDbConnection");
    services.Configure<ConnectionStrings>(_configuration.GetSection("ConnectionStrings"));
    services.AddDbContext<IdentityDbContext>(options => options.UseSqlServer(connection));
    services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1).AddRazorPagesOptions(options =>
    {
        options.AllowAreas = true;
        options.Conventions.AuthorizeAreaPage("Identity", "/Account/Logout");
    });

    services.AddIdentity<User, UserRole>().AddDefaultTokenProviders();
    services.AddTransient<IUserStore<User>, UserStore>();
    services.AddTransient<IRoleStore<UserRole>, RoleStore>();

    services.ConfigureApplicationCookie(options =>
    {
        options.LoginPath = "/Identity/Account/Login";
        options.LogoutPath = "/Identity/Account/Logout";
        options.ExpireTimeSpan = TimeSpan.FromMinutes(60);
        options.SlidingExpiration = true;
    });
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory, IRFDbRepository rFDbRepository)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }
    else
    {
        app.UseExceptionHandler("/Home/Error");
    }

    loggerFactory.AddFile(_configuration.GetValue<string>("Logging:LogFile"));
    app.UseStaticFiles();

    app.UseAuthentication();

    app.UseMvc(routes =>
    {
        routes.MapRoute(
            name: "default",
            template: "{controller=Home}/{action=Index}/{id?}");
        routes.MapRoute(
            name: "ActionApi",
            template: "api/{controller}/{action}/{id?}");
    });
}
See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

I've finally found the root of this problem.

There is an issue with Identity in ASP.NET Core 2.1 whereby if you have implemented your own version of the UserStore but not IUserSecurityStampStore, most functionality regarding security stamps will be skipped.

When you call AddIdentity() it does a validation check on the securityStamp every 30 minutes.

This results in the confusing behaviour that the user is logged out after 30 minutes, even though the cookies did not expire.

There is a fix for this coming in ASP.NET Core 2.2 apparently, further details here

https://github.com/aspnet/Identity/issues/1880

In the meantime, you can either get your UserStore to implement IUserSecurityStampStore, or do what I did as a quick fix for now, by adding this to your startup.cs which increases the time between failures from 30 minutes to 10 hours.

services.Configure(o => o.ValidationInterval = TimeSpan.FromHours(10));


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...