大约40分钟不活动后,SPA请求失败

时间:2017-01-26 13:47:02

标签: asp.net-mvc single-page-application azure-active-directory

为什么我的请求在大约40分钟不活动后开始失败?

我设置了与https://github.com/Azure-Samples/active-directory-dotnet-webapp-groupclaims相同的身份验证机制(我使用的是Asp.Net MVC4:

public partial class Startup
{
    public void ConfigureAuth(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

        app.UseCookieAuthentication(new CookieAuthenticationOptions());

        app.UseOpenIdConnectAuthentication(
            new OpenIdConnectAuthenticationOptions
            {
                ClientId = ConfigHelper.ClientId,
                Authority = ConfigHelper.Authority,
                PostLogoutRedirectUri = ConfigHelper.PostLogoutRedirectUri,
                Notifications = new OpenIdConnectAuthenticationNotifications
                {
                    AuthorizationCodeReceived = async context =>
                    {
                        ClientCredential credential = new ClientCredential(ConfigHelper.ClientId, ConfigHelper.AppKey);
                        string userObjectId = context.AuthenticationTicket.Identity.FindFirst(Globals.ObjectIdClaimType).Value;
                        AuthenticationContext authContext = new AuthenticationContext(ConfigHelper.Authority, new TokenDbCache(userObjectId));
                        AuthenticationResult result = await authContext.AcquireTokenByAuthorizationCodeAsync(
                            context.Code, new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)), credential, ConfigHelper.GraphResourceId);
                    },

                    AuthenticationFailed = context =>
                    {
                        context.HandleResponse();
                        context.Response.Redirect("/Error/ShowError?signIn=true&errorMessage=" + context.Exception.Message);
                        return Task.FromResult(0);
                    }
                }
            });
    }
}

我正在使用angular2 SPA应用程序,在一段时间不活动后,当应用程序尝试发送请求时,此请求失败(    在chrome工具中,我看到API请求被重定向到认证服务器(azure aad),但它们没有被服务器正确处理,我在客户端看到了认证服务器响应。 )

如果我刷新页面,一切正常。

我已经禁用了IIS回收并设置了iddleTimout = 0.

在web.config中,我禁用了默认身份验证:

<authentication mode="None" />
<sessionState timeout="1440">

1 个答案:

答案 0 :(得分:0)

事实证明,如果OpenIdConnectAuthenticationOptions UseTokenLifetime设置为true,则会忽略Cookie到期时间设置。 另外我发现我正在使用库,默认情况下此设置设置为true。此默认行为已更改,现在默认情况下UseTokenLifetime设置为false:https://github.com/aspnet/Security/commit/966fa6672ff3c5bd75703c325512778722ff46a2#diff-c130fbf3a8ec2c0c32beaf27fcf04ea9

所以

 new OpenIdConnectAuthenticationOptions
                { UseTokenLifetime = false }

解决了我的问题