MVC application timeout

Time: 2016-03-31 16:25:58

Tags: identityserver3

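I have IDS and some applications configured in an MVC application using Owin. (See the code at the end of the post.)

The problem I am having is timing out MVC actions. I have configured the client (idsClientId) with the following settings:

IdentityTokenLifetime: 1, AccessTokenLifetime: 1, AuthorizationCodeLifetime: 1

It is set up for implicit flow, etc...

When I hit an MVC action, I expect the application to time out, but it doesn't. Any help is appreciated.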

app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
            {
                Authority = idsAuthority,
                ClientId = idsClientId,
                Scope = "openid profile roles",
                ResponseType = "id_token token",
                RedirectUri = idsRedirectUri,
                PostLogoutRedirectUri = idsPostLogoutRedirectUri,
                SignInAsAuthenticationType = "Cookies",
                UseTokenLifetime = false,

                Notifications = new OpenIdConnectAuthenticationNotifications
                {
                    SecurityTokenValidated = async n =>
                    {
                        var nid = new ClaimsIdentity(
                            n.AuthenticationTicket.Identity.AuthenticationType,
                            Thinktecture.IdentityServer.Core.Constants.ClaimTypes.GivenName,
                            Thinktecture.IdentityServer.Core.Constants.ClaimTypes.Role);

                        // get userinfo data
                        var userInfoClient = new UserInfoClient(
                            new Uri(n.Options.Authority + "/connect/userinfo"),
                            n.ProtocolMessage.AccessToken);

                        var userInfo = await userInfoClient.GetAsync();
                        userInfo.Claims.ToList().ForEach(ui => nid.AddClaim(new Claim(ui.Item1, ui.Item2)));

                        // keep the id_token for logout
                        nid.AddClaim(new Claim("id_token", n.ProtocolMessage.IdToken));

                        // add access token for sample API
                        nid.AddClaim(new Claim("access_token", n.ProtocolMessage.AccessToken));

                        // keep track of access token expiration
                        nid.AddClaim(new Claim("expires_at", DateTimeOffset.Now.AddSeconds(int.Parse(n.ProtocolMessage.ExpiresIn)).ToString()));

                        // add some other app specific claim
                        nid.AddClaim(new Claim("app_specific", "some data"));

                        n.AuthenticationTicket = new AuthenticationTicket(
                            nid,
                            n.AuthenticationTicket.Properties);
                    },

                    RedirectToIdentityProvider = async n =>
                    {
                        if (n.ProtocolMessage.RequestType == OpenIdConnectRequestType.LogoutRequest)
                        {
                            var idTokenHint = n.OwinContext.Authentication.User.FindFirst("id_token");

                            if (idTokenHint != null)
                            {
                                n.ProtocolMessage.IdTokenHint = idTokenHint.Value;
                            }
                        }

                    }
                }
            });

1 answer:

Answer 0 (score: 0)

  var userInfoClient = new UserInfoClient(
                        new Uri(n.Options.Authority + "/connect/userinfo"),
                        n.ProtocolMessage.AccessToken){Timeout = new TimeSpan(0,0,1)}; 

This will make it re-validate every 1 second. I think the default is 1 minute 40 before it needs to re-authenticate.
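
An added example, not part of the original question or answer and not IdentityServer's own code: in Katana the MVC session lives in the cookie issued under SignInAsAuthenticationType, and with UseTokenLifetime = false (as in the question) its lifetime comes from the cookie middleware, not from the id_token. The configuration below shortens the cookie lifetime and also rejects the session once the "expires_at" claim stored by the question's SecurityTokenValidated handler has passed. It assumes the cookie middleware is registered before the OpenID Connect middleware; the one-minute ExpireTimeSpan is an illustrative value.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.Owin.Security.Cookies;
using Owin;

public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            // Must match SignInAsAuthenticationType in the OpenID Connect options.
            AuthenticationType = "Cookies",

            // Illustrative value (assumption). This is the lifetime that applies
            // when the OpenID Connect options set UseTokenLifetime = false.
            ExpireTimeSpan = TimeSpan.FromMinutes(1),
            SlidingExpiration = false,

            Provider = new CookieAuthenticationProvider
            {
                // Runs on every request that carries the session cookie.
                OnValidateIdentity = context =>
                {
                    // "expires_at" is the claim added in the question's code.
                    var claim = context.Identity.FindFirst("expires_at");
                    DateTimeOffset expiresAt;
                    if (claim == null
                        || !DateTimeOffset.TryParse(claim.Value, out expiresAt)
                        || expiresAt <= DateTimeOffset.Now)
                    {
                        // Treat the request as anonymous from here on.
                        context.RejectIdentity();
                    }
                    return Task.FromResult(0);
                }
            }
        });

        // app.UseOpenIdConnectAuthentication(...) from the question follows here.
    }
}
```

Once the identity is rejected, an action protected with [Authorize] returns 401 and the OpenID Connect middleware redirects the user back to the identity provider.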