Question

https://github.com/NanaseRuri/LibraryDemo/tree/Failed

我已经在我的ASP.Net Core项目中设置了过期时间，但是它不起作用。 8秒后，我仍然可以使用[Authorize]输入操作。

await HttpContext.SignInAsync(principal,new AuthenticationProperties()
{
    ExpiresUtc = DateTime.UtcNow.AddSeconds(8)
});

Startup.cs：

services.AddAuthentication(options =>
{
    options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
})
.AddCookie(options =>
{
});

身份验证：

if (admin.Password == encryptedPassword)
{
    ClaimsIdentity identity = new ClaimsIdentity("Cookie");
    identity.AddClaims(new[]
    {
        new Claim(ClaimTypes.Name, admin.UserName),
        new Claim(ClaimTypes.Email, admin.Email),
        new Claim(ClaimTypes.MobilePhone, admin.PhoneNumber),
        new Claim(ClaimTypes.Role, "admin"),
    });

    var principal = new ClaimsPrincipal(identity);
    await HttpContext.SignInAsync(principal, new AuthenticationProperties()
    {
        ExpiresUtc = DateTime.UtcNow.AddSeconds(8)
    });

    if (returnUrl != null)
    {
        return Redirect(returnUrl);
    }

    return RedirectToAction("Index");
}

Answer 1

请尝试以下操作！我已经对此进行了测试，并且效果很好。

services.ConfigureApplicationCookie(options =>
{
    // Cookie settings
    options.Cookie.HttpOnly = true;
    options.ExpireTimeSpan = TimeSpan.FromMinutes(5); // Set your expiration time here


    options.SlidingExpiration = false;
});

只要登录的用户处于活动状态，如果不希望其过期，请设置options.SlidingExpiration = true;。

过期时间在ASP.Net Core中不起作用

1 个答案: