是否有一种简单的方法来将通过AspNet Core 2+站点中的openid创建的身份验证cookie设置为具有会话范围?像这样,用户必须为每个新会话重新进行身份验证吗?
我尝试将TicketReceivedContext.IsPersistent设置为false,但这似乎不起作用:
public void ConfigureServices(IServiceCollection services)
{
services.Configure<CookiePolicyOptions>(options =>
{
// This lambda determines whether user consent for non-essential cookies is needed for a given request.
options.CheckConsentNeeded = context => true;
options.MinimumSameSitePolicy = SameSiteMode.None;
});
services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
.AddAzureAD(options => Configuration.Bind("AzureAd", options));
services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options =>
{
options.TokenValidationParameters = new TokenValidationParameters
{
// Instead of using the default validation (validating against a single issuer value, as we do in
// line of business apps), we inject our own multitenant validation logic
ValidateIssuer = false,
};
options.Events = new OpenIdConnectEvents
{
OnTicketReceived = context =>
{
context.Properties.IsPersistent = false;
// If your authentication logic is based on users then add your logic here
return Task.CompletedTask;
},
OnAuthenticationFailed = context =>
{
context.Response.Redirect("/Error");
context.HandleResponse(); // Suppress the exception
return Task.CompletedTask;
},
OnTokenValidated = context =>
{
return Task.CompletedTask;
}
};
});
services.AddMvc()
.SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
}