我在Mvc 5中使用Identty 2
我已将其配置为重定向到cookie过期登录,这是下次刷新时的。
using System;
using System.Configuration;
using System.Security.Policy;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;
using Microsoft.Owin;
using Microsoft.Owin.Helpers;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.Google;
using Owin;
using StudentPortalGSuite.Models;
namespace StudentPortalGSuite
{
public partial class Startup
{
// For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864
public void ConfigureAuth(IAppBuilder app)
{
Int64 cookieDurInMin = 1;
// Configure the db context, user manager and signin manager to use a single instance per request
app.CreatePerOwinContext(ApplicationDbContext.Create);
app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
app.CreatePerOwinContext<ApplicationSignInManager>(ApplicationSignInManager.Create);
// Enable the application to use a cookie to store information for the signed in user
// and to use a cookie to temporarily store information about a user logging in with a third party login provider
// Configure the sign in cookie
app.UseCookieAuthentication(
new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
SlidingExpiration = true,
ExpireTimeSpan = TimeSpan.FromMinutes( cookieDurInMin ),// How long to leave a "remember me" cookie valid - EWB
CookieName = "SP3GGS-ID2-cookie",
//CookieSecure = CookieSecureOption.Always, // TODO: turn this on for prod/qa so only ssl is allowed - EWB - per https://brockallen.com/2013/10/24/a-primer-on-owin-cookie-authentication-middleware-for-the-asp-net-developer/
Provider = new CookieAuthenticationProvider
{
// Enables the application to validate the security stamp when the user logs in.
// This is a security feature which is used when you change a password or add an external login to your account.
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
validateInterval: TimeSpan.FromSeconds( 30 ),// how often to valdate against ad - EWB
regenerateIdentity: ( manager, user ) => user.GenerateUserIdentityAsync( manager )
),
OnResponseSignIn = context =>
{
context.Properties.AllowRefresh = true;
context.Properties.ExpiresUtc = DateTimeOffset.UtcNow.AddMinutes( cookieDurInMin );
},
} );
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);// HERE EWB
app.UseGoogleAuthentication( new GoogleOAuth2AuthenticationOptions()
{
ClientId = "1032371756979-jtllvb3jdo2h2mg4ocr10o20i8il7r8s.apps.googleusercontent.com",
ClientSecret = "VHUtLlxnB2Zfctp0QyCvu-9X"//,
} );
}
}
}
但是我想检测它什么时候过期并重定向到自动登录(但我不想不断刷新页面)
有一种聪明的方法吗?
谢谢,
埃里克 -
答案 0 :(得分:1)
几乎每个现代浏览器都会在过期时删除cookie。如果您设置会话cookie,它将永远不会过期,直到您告诉它。让我们假装用户登录,他们的cookie持续1小时。在1小时内,cookie的ExpireTimeSpan值将小于当前系统的DateTime,因此浏览器将删除cookie。用户将不再拥有会话cookie,并且需要重新登录。请亲自尝试一下!
如果要检测用户是否已登录,可以设置第二个不相关的会话cookie,说明用户是会话。不要在cookie中存储任何其他信息。我们称之为'Flag'cookie。
如果Flag Cookie存在但实际的Login cookie不存在,您可以重定向到登录页面并通知他们他们的登录会话已过期。一旦你到达那里,我一定会删除cookie,这样每次加载页面时都不会重定向到登录。这是一种快速而肮脏的方式,但它的工作正常。
以下是您的测试示例。尝试添加此代码以创建cookie并观察它在1分钟后自行删除:
var timedCookie = new HttpCookie("timedCookie")
{
Value = "Timed cookie",
Expires = DateTime.Now.AddMinutes(1)
};
Response.Cookies.Add(timedCookie);
这是我在Chrome中查看Cookie的方式。如果您不使用Chrome,则必须在使用的任何浏览器中查看如何执行此操作:
运行代码获取cookie后,可以按F12打开开发人员控制台。在此处,单击顶部栏中的“应用程序”,然后在侧栏中选择“Cookie”。选择与网站相关的一个(通常在列表中的第一个),您将看到您的cookie。等待大约1-2分钟,以便时间肯定过去了。您应该能够刷新并观看浏览器删除cookie