我拥有带有aspnetidentity的identityserver4,它正在运行,但在服务器重新启动时,应用程序会重定向用户再次签名。
services.AddIdentityServer(options =>
{
options.Events.RaiseSuccessEvents = true;
options.Events.RaiseFailureEvents = true;
options.Events.RaiseErrorEvents = true;
//options.Authentication.CookieLifetime = TimeSpan.FromSeconds(30);
options.Authentication.CookieLifetime = TimeSpan.FromMinutes(20);
}).AddSigningCredential(cert)
//.AddInMemoryIdentityResources(Config.GetIdentityResources())
//.AddInMemoryApiResources(Config.GetApiResources())
//.AddInMemoryClients(Config.GetClients())
//.AddTestUsers(Config.GetUsers());
.AddConfigurationStore(builder =>
builder.UseSqlServer(connectionString, options =>
options.MigrationsAssembly(migrationsAssembly)))
.AddOperationalStore(builder =>
builder.UseSqlServer(connectionString, options =>
options.MigrationsAssembly(migrationsAssembly)))
.AddAspNetIdentity<ApplicationUser>()
.AddProfileService<ProfileService>();
我没有任何问题,因为它是以cookie格式的客户端浏览器。无论服务器是否仍然重新启动资源允许。
但id_token是相同的情况,但是当请求转到Idmsrv端点时,连接/授权它会让用户再次登录。
答案 0 :(得分:0)
将密钥保留在磁盘而不是内存中,这样当cookie返回服务器以使用密钥解密时,它就会有一个密钥。
// REFERENCE https://docs.microsoft.com/en-us/aspnet/core/security/data-protection/implementation/key-storage-providers
// REFERENCE持久密钥http://www.tugberkugurlu.com/archive/asp-net-core-authentication-in-a-load-balanced-environment-with-haproxy-and-redis
aggregate