.NET核心2 CookieAuthentication忽略过期时间跨度
我正在使用CookieAuthentication开发一个.NET Core2.1Web应用程序。由于某些原因,在CookieAuthenticationOptions对象上设置ExpireTimeSpan和Cookie.Expiration对Cookie的生存期没有影响。Chrome总是显示与1969-12-31T23:59:59.000Z相同的过期日期。因此,在关闭浏览器窗口后,cookie就消失了。
Startup.cs
public void ConfigureServices(IServiceCollection services)
{
services.AddDistributedMemoryCache();
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
.AddCookie(options =>
{
options.LoginPath = new PathString("/Account/Login/");
options.AccessDeniedPath = new PathString("/Account/Login/");
options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
options.Cookie.Expiration = TimeSpan.FromDays(14);
options.ExpireTimeSpan = TimeSpan.FromDays(14);
});
services.AddMvc(options =>
{
options.Filters.Add(new AutoValidateAntiforgeryTokenAttribute());
});
services.AddAntiforgery(options => options.HeaderName = "X-CSRF-TOKEN");
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseBrowserLink();
app.UseDeveloperExceptionPage();
}
else
{
app.UseExceptionHandler("/Error");
}
var provider = new FileExtensionContentTypeProvider();
provider.Mappings[".tag"] = "riot/tag";
app.UseStaticFiles(new StaticFileOptions()
{
ContentTypeProvider = provider
});
app.UseAuthentication();
app.UseMvc(routes =>
{
routes.MapRoute(
name: "default",
template: "{controller=Home}/{action=Index}/{id?}");
});
}在SignIn上的我正在使用这个代码
ClaimsPrincipal user = new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, userId.Value.ToString()) }, CookieAuthenticationDefaults.AuthenticationScheme));
await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, user);我试过把services.AddMvc放在services.AddAuthentication之前,但这没有什么区别。我也在services.AddAuthentication之后尝试过services.ConfigureApplicationCookie,就像这个答案中的Cookie expiry in ASP.NET Core 2.0 with Identity
我遗漏了什么?
回答 3
Stack Overflow用户
发布于 2018-06-04 05:00:28
Use IsPersistent = true
示例
var claims = new List<Claim>
{
new Claim(ClaimTypes.NameIdentifier, client.Id),
new Claim(ClaimTypes.Role, client.Role)
};
var identity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme,
new ClaimsPrincipal(identity),
new AuthenticationProperties
{
ExpiresUtc = DateTime.UtcNow.AddYears(1),
IsPersistent = true
});Stack Overflow用户
发布于 2019-03-14 06:29:51
Chrome中的过期日期代表cookie在浏览器中的生命周期,而不是令牌的超时时间。将Identity Server 4与ASP.NET Identity一起使用时,此处起作用的是Identity服务器的cookie超时。客户端令牌过期后,将根据Identity Server重新对用户进行身份验证,由于该令牌尚未过期,因此客户端令牌将被续订。要在Identity服务器上设置过期时间,必须在Identity服务器Startup.cs中添加ConfigureApplicationCookiemiddleware,如下所示:
services.AddAuthentication();
services.ConfigureApplicationCookie(options =>
{
options.Cookie.Expiration = TimeSpan.FromDays(14);
options.ExpireTimeSpan = TimeSpan.FromDays(14);
options.SlidingExpiration = false;
});
services.AddMvc().SetCompatibilityVersion(Microsoft.AspNetCore.Mvc.CompatibilityVersion.Version_2_1);.net核心3.1 (不再需要cooke.expiration作为单独选项)的更新:
services.AddAuthentication();
services.ConfigureApplicationCookie(options =>
{
options.ExpireTimeSpan = TimeSpan.FromDays(14);
options.SlidingExpiration = false;
});
services.AddMvc();Stack Overflow用户
发布于 2020-09-02 19:52:45
身份具有专用cookie配置选项CookieAuthenticationOptions和cookie过期值已决定忽略,可以在此处找到一些说明:Github issue Test reference
https://stackoverflow.com/questions/50670654
复制相似问题
腾讯云开发者
