我在Startup.cs中使用以下配置设置了ASP.Net Core 3.0 Web服务器:
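/// <summary>
/// Registers MVC controllers, IdentityServer (with in-memory stores) and the
/// authentication services for the application.
/// </summary>
/// <param name="services">The application's service collection.</param>
public void ConfigureServices(IServiceCollection services)
{
    services.AddHttpContextAccessor();
    services.AddControllers();

    services.AddIdentityServer(options =>
        {
            // These two settings govern IdentityServer's own cookie scheme only;
            // a SignInAsync against any other scheme is controlled by that
            // scheme's options instead.
            options.Authentication.CookieSlidingExpiration = true;
            options.Authentication.CookieLifetime = TimeSpan.FromDays(30);
        })
        // NOTE(review): in-memory caching and stores are reset on every process
        // restart. Nothing in this method persists the Data Protection key ring
        // either; if the host regenerates keys on restart/recycle, every existing
        // authentication cookie stops decrypting and the user appears signed out
        // regardless of the lifetime configured above — worth confirming.
        .AddInMemoryCaching()
        .AddClientStore<InMemoryClientStore>()
        .AddResourceStore<InMemoryResourcesStore>();

    // No default scheme is named here; presumably IdentityServer's registration
    // supplies the default that HttpContext.SignInAsync falls back to — verify.
    services.AddAuthentication();
}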
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
/// <summary>
/// Builds the HTTP request pipeline. Order is significant: routing must precede
/// IdentityServer/authentication/authorization, which must precede endpoint dispatch.
/// </summary>
/// <param name="app">The application builder.</param>
/// <param name="env">The hosting environment; selects developer vs. production error handling.</param>
public void Configure(IApplicationBuilder app,IWebHostEnvironment env)
{
    if (env.IsDevelopment())
    {
        // Detailed exception pages expose stack traces and are therefore Development-only.
        app.UseDeveloperExceptionPage();
    }
    else
    {
        // HSTS is only emitted outside Development so plain-HTTP local testing is not pinned to HTTPS.
        app.UseHsts();
    }
    app.ConfigureExceptionHandler();
    app.UseHttpsRedirection();
    // Static files are served before routing and authentication run, so anything
    // served from here is reachable without being authenticated.
    app.UseFileServer();
    app.UseRouting();
    // NOTE(review): UseIdentityServer is documented as registering the authentication
    // middleware itself, so the explicit UseAuthentication() below is believed to be
    // redundant (harmless, but confirm against the IdentityServer version in use).
    app.UseIdentityServer();
    app.UseAuthentication();
    app.UseAuthorization();
    app.UseEndpoints(endpoints =>
    {
        endpoints.MapControllers();
    });
}
您可以看到我将cookie的生存期设置为30天。
这是我使用用户名/密码登录时运行的代码:
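/// <summary>
/// Local (email/password) sign-in. On success the user is signed in with a
/// persistent cookie via <see cref="CompleteLogin"/>.
/// </summary>
/// <param name="email">Email address of the local account.</param>
/// <param name="password">Plaintext password for that account.</param>
/// <returns>The mapped account marked authenticated, or an error/message response.</returns>
// NOTE(review): credentials travel in the query string of a GET, so the password
// ends up in browser history, proxy/server access logs and Referer headers.
// This should be an [HttpPost] route taking [FromForm]/[FromBody] parameters;
// it is left as GET here only because existing callers depend on the URL.
[HttpGet("Signin")]
public async Task<ActionResult<accountResponse>> Signin([FromQuery]string email,[FromQuery]string password)
{
    var (account, status) = accountRepository.Authenticateaccount(email, password);

    // NOTE(review): answering "not a local account" differently from
    // "invalid email/password" lets a caller enumerate which emails exist;
    // consider collapsing both into the generic message.
    if (status == accountRepository.AuthenticateaccountStatusEnum.InvalidEmailPassword)
    {
        return new ResponseBuilder<accountResponse>().WithError("Invalid email/password").Build();
    }
    if (status == accountRepository.AuthenticateaccountStatusEnum.accountExternalProvider)
    {
        return new ResponseBuilder<accountResponse>().WithError("This email is not associated with a local account.").Build();
    }
    // Every remaining status is expected to come with an account; fail closed
    // instead of dereferencing null (the previous version threw here).
    if (account is null)
    {
        return new ResponseBuilder<accountResponse>().WithError("Invalid email/password").Build();
    }
    if (account.Status == accountStatusEnum.WaitingForVerificationCode)
    {
        // Account data is returned before the email is verified; make sure the
        // mapped response carries nothing the unverified caller should not see.
        return new ResponseBuilder<accountResponse>(Mapper.Map<accountResponse>(account))
            .WithMessage("This email address is still not verified.")
            .Build();
    }
    return await CompleteLogin(account);
}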
/// <summary>
/// Issues the persistent authentication cookie for an account that has already
/// passed authentication and returns the mapped response flagged as authenticated.
/// </summary>
/// <param name="account">The authenticated account.</param>
/// <returns>The mapped account response with the authenticated flag set.</returns>
private async Task<accountResponse> CompleteLogin(accountModel account)
{
    // Persistent cookie expiring 30 days from now (UTC). The email is used as
    // both subject and display name; the subject should ideally be a stable,
    // non-PII identifier — the account's id, if the model has one (confirm).
    var persistence = new AuthenticationProperties
    {
        IsPersistent = true,
        ExpiresUtc = DateTime.UtcNow.AddDays(30),
    };
    await HttpContext.SignInAsync(account.Email, account.Email, persistence);

    var response = Mapper.Map<accountResponse>(account);
    return response.WithAuthenticated();
}
您可以看到我再次将有效期设置为30天,并将IsPersistent设置为true。
所有这些都很好。如果我登录并关闭浏览器并重新打开,则它仍已通过身份验证。
唯一的问题是,如果我登录后让时间流逝(比如说过了一夜),再刷新页面时就不再处于已验证状态了。
我遗漏了什么?我希望用户长时间保持已验证状态(即使他关闭浏览器、重新启动等)。
编辑:
这是我从浏览器中看到的cookie:
看起来还不错...请注意,该Cookie信息来自“已登出”(很奇怪?)的浏览器会话。