我有一个在Azure应用服务中运行的ASP.NET Core 2站点。身份验证似乎会随机超时,并把用户送回登录页面(即使他们不到一分钟前还在操作表单)。我找不出它发生的固定时间间隔(服务器上几乎没有负载)。
我已经添加了数据保护(Data Protection),然后作为测试,还尝试把密钥保存到文件系统(这似乎降低了问题出现的频率,但也可能只是一条误导性的线索)。我已将身份验证cookie设置为24小时滑动过期,会话超时设置为60分钟。
下面贴出完整的Startup类,这样更容易看出我是否把某些调用的顺序弄错了。
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Wiki.Code;
using Wiki.Models;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Http;
using NonFactors.Mvc.Grid;
using Microsoft.AspNetCore.Rewrite;
using System;
using Microsoft.AspNetCore.DataProtection;
using System.IO;
namespace Wiki
{
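/// <summary>
/// Application bootstrap: registers data protection, cookie authentication, MVC/Razor Pages,
/// session, authorization policies and settings, then builds the HTTP request pipeline.
/// </summary>
public class Startup
{
    /// <summary>Stores the configuration supplied by the host.</summary>
    /// <param name="configuration">Application configuration.</param>
    /// <param name="env">Hosting environment; not read by this constructor.</param>
    public Startup(IConfiguration configuration, IHostingEnvironment env)
    {
        Configuration = configuration;
    }

    /// <summary>Configuration used when registering services.</summary>
    public IConfiguration Configuration { get; }

    /// <summary>
    /// Called by the runtime to add services to the container.
    /// </summary>
    /// <param name="services">The service collection to populate.</param>
    public void ConfigureServices(IServiceCollection services)
    {
        // Persist the Data Protection key ring so protected payloads (such as the auth cookie)
        // stay readable across restarts and app pool recycles.
        // NOTE(review): @".\" resolves against the process working directory, so the key ring
        // location depends on how the app is launched, and a deployment that replaces that
        // folder discards the keys and invalidates every cookie already issued. Keys persisted
        // this way are written unencrypted unless a ProtectKeysWith* option is configured.
        // Prefer an absolute path outside the deployed content with restricted ACLs, or the
        // hosting platform's default key store.
        services.AddDataProtection().PersistKeysToFileSystem(new DirectoryInfo(@".\"));

        // Cookie authentication with a sliding 24-hour ticket lifetime.
        // ExpireTimeSpan only applies when the sign-in call does not set
        // AuthenticationProperties.ExpiresUtc itself; the sign-in code is not part of this
        // class, so check it if tickets expire earlier than configured.
        // NOTE(review): Cookie.SecurePolicy is left at its default; if the site is served
        // only over HTTPS, consider CookieSecurePolicy.Always.
        services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
            .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, o =>
            {
                o.LoginPath = new PathString("/Login");
                o.AccessDeniedPath = new PathString("/Unauthorized");
                o.SlidingExpiration = true;
                o.ExpireTimeSpan = TimeSpan.FromHours(24);
            });

        // MVC with session-backed TempData; the /Admin and /Editor Razor Pages folders
        // require the policies of the same name defined below.
        services.AddMvc()
            .AddSessionStateTempDataProvider()
            .AddRazorPagesOptions(options =>
            {
                options.Conventions.AuthorizeFolder("/Admin", "Admin");
                options.Conventions.AuthorizeFolder("/Editor", "Editor");
            });

        // Session state with a 60-minute idle timeout. This is independent of the
        // authentication ticket lifetime configured above.
        services.AddSession(options =>
        {
            options.IdleTimeout = TimeSpan.FromMinutes(60);
        });

        // This is for our data grid.
        services.AddMvcGrid();

        // Authorization policies. RequireRole with several roles is satisfied by any one of
        // them, so "Editor" admits users in either the "Admin" or the "Approved" role.
        services.AddAuthorization(options =>
        {
            options.AddPolicy("Admin", policy => policy.RequireRole("Admin"));
            options.AddPolicy("Editor", policy => policy.RequireRole("Admin", "Approved"));
        });

        // Bind the "AppSettings" section. The local instance is not read again in this
        // method; consumers receive their values through the Configure<AppSettings>
        // registration on the last line.
        AppSettings settings = new AppSettings();
        Configuration.GetSection("AppSettings").Bind(settings);
        services.Configure<AppSettings>(x => Configuration.GetSection("AppSettings").Bind(x));
    }

    /// <summary>
    /// Called by the runtime to configure the HTTP request pipeline.
    /// </summary>
    /// <param name="app">The application builder the middleware is added to.</param>
    /// <param name="env">Hosting environment, used to pick the error-handling middleware.</param>
    /// <param name="appLifetime">Application lifetime; not used by this method.</param>
    public void Configure(IApplicationBuilder app, IHostingEnvironment env, IApplicationLifetime appLifetime)
    {
        // Error handling is registered first so that exceptions thrown by every later
        // middleware (authentication, session, rewrite, static files, MVC) reach it.
        // The developer exception page exposes stack traces and is limited to Development.
        if (env.IsDevelopment())
        {
            app.UseBrowserLink();
            app.UseDeveloperExceptionPage();
        }
        else
        {
            app.UseExceptionHandler("/Error");
        }

        // Authentication must run before MVC so the user is established before the
        // authorization conventions are evaluated.
        app.UseAuthentication();
        app.UseSession();

        // Rewrite request paths that start with "article" to the Article page, passing the
        // original path in the href query value.
        // NOTE(review): the captured text is placed into the query string as-is; the Article
        // page should treat href as untrusted input - TODO confirm it validates the value.
        var rewriteOptions = new RewriteOptions();
        rewriteOptions.AddRewrite("^article(.*)", "/Article?href=article$1", false);
        app.UseRewriter(rewriteOptions);

        app.UseStaticFiles();
        app.UseMvc();
    }
}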
}
更新:我终于在本地(Azure环境之外)复现了这个问题。即使cookie设置为24小时到期,不到15分钟后我也会收到如下消息:“Cookies未经过身份验证。失败消息:票证已过期”(英文原文:Cookies was not authenticated. Failure message: Ticket expired)