Why is the cookie's expiration "Session" when using Owin

Time: 2017-07-17 12:33:30

Tags: asp.net-mvc asp.net-identity owin

My web application is MVC5. I am calling the URL of an IdentityServer4 application to authenticate the user at login. Below is the method from the Startup class in my application:

public void ConfigureAuth(IAppBuilder app)
    {
        JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary<string, string>();            

        var authority = LayeredConfiguration.GetValue("HydraInsuranceWeb-UserManagement-Authority");
        var redirectUri = LayeredConfiguration.GetValue("HydraInsuranceWeb-UserManagement-RedirectUri");

        app.UseCookieAuthentication(new CookieAuthenticationOptions {
            AuthenticationType = "Cookies",
            SlidingExpiration = false,
            ExpireTimeSpan = System.TimeSpan.FromMinutes(2),
            CookieName = "MyTestCookie"
        });

        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            Authority = authority,
            ClientId = AuthConstants.InsuranceWebClientId,
            Scope = "openid profile user.management hydra.eventhistory.api",
            RedirectUri = redirectUri,
            ResponseType = "code id_token",

            SignInAsAuthenticationType = "Cookies",
            UseTokenLifetime = false,

            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                SecurityTokenValidated = n =>
                {
                    try
                    {
                        var transformedHydraIdentity = new HydraIdentityBuilder(n.AuthenticationTicket.Identity)
                                .AllowSecurityAdmin()
                                .IncludeRoleProfiles()
                                .IncludeIdToken(n.ProtocolMessage.IdToken)
                                .IncludeStandardClaims()
                                .Build();

                        n.AuthenticationTicket = new Microsoft.Owin.Security.AuthenticationTicket(
                            transformedHydraIdentity,
                            n.AuthenticationTicket.Properties);
                    }
                    catch (Exception ex)
                    {
                        n.HandleResponse();
                        n.Response.Redirect("/Error/NoAuthorization");

                        DiagnosticService.Writer.AddError("Authentication Error", ex);
                    }

                    return Task.FromResult(0);
                },
            }
        });
    }        

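After login, the cookie's expiration is always "Session" rather than the current time plus 2 minutes.

But my expectation is that the cookie's expiration is a specific date and time, which should be the current time plus 2 minutes. If the user does nothing for 2 minutes, they should be redirected to the login page.

Does anyone know about this issue? Please tell me how to investigate or debug to find out why the cookie's expiration time changes.

There are also 2 cookies: .AspNet.Cookies and MyTestCookie. Which cookie is used to authenticate the user?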

1 answer:

Answer 0: (score: 1)

You need to set IsPersistent to True when signing in:

AuthenticationManager.SignIn(new AuthenticationProperties{ IsPersistent = true, ExpiresUtc = DateTimeOffset.UtcNow.AddMinutes(30)}, userIdentity);
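
An added example, not part of the original question or answer: in the question's setup the sign-in is issued by the OpenID Connect middleware rather than by a direct AuthenticationManager.SignIn call, so one place to set IsPersistent is the SecurityTokenValidated notification. It assumes the Katana packages Microsoft.Owin.Security.Cookies and Microsoft.Owin.Security.OpenIdConnect; the Authority, ClientId and RedirectUri values are placeholders.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public class Startup
{
    // Same lifetime as ExpireTimeSpan in the question.
    private static readonly TimeSpan TicketLifetime = TimeSpan.FromMinutes(2);

    public void Configuration(IAppBuilder app)
    {
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = "Cookies",
            CookieName = "MyTestCookie",
            SlidingExpiration = false,
            // Lifetime of the protected ticket stored inside the cookie. The server
            // rejects the ticket after this time even when the browser lists the
            // cookie as "Session" (no Expires attribute).
            ExpireTimeSpan = TicketLifetime
        });

        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            Authority = "https://idp.example.test",     // placeholder (assumption)
            ClientId = "example-client",                // placeholder (assumption)
            RedirectUri = "https://app.example.test/",  // placeholder (assumption)
            ResponseType = "code id_token",
            Scope = "openid profile",
            SignInAsAuthenticationType = "Cookies",
            UseTokenLifetime = false,
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                SecurityTokenValidated = n =>
                {
                    var props = n.AuthenticationTicket.Properties;
                    // The cookie middleware writes an Expires attribute only for
                    // persistent sign-ins; otherwise the browser shows "Session".
                    props.IsPersistent = true;
                    props.ExpiresUtc = DateTimeOffset.UtcNow.Add(TicketLifetime);
                    return Task.FromResult(0);
                }
            }
        });
    }
}
```

A persistent cookie is kept across browser restarts until its Expires time, so keep the lifetime as short as the session policy requires.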