0

我目前正在使用ASP.NET核心身份。我无法弄清楚延长会话长度的设置,但我一直在注销 - 我假设有一个大约20分钟的失效时间,但我找不到该设置。请注意,我将Google用作外部OAuth。ASP.NET核心身份到期(谷歌OAuth)

 services.AddIdentity<ApplicationUser, IdentityRole>(o => 
      { 
       o.Password.RequireDigit = false; 
       o.Password.RequireLowercase = false; 
       o.Password.RequireUppercase = false; 
       o.Password.RequireNonAlphanumeric = false; 
       o.Password.RequiredLength = 6; 
       o.SecurityStampValidationInterval = TimeSpan.FromHours(8); 
       o.Cookies.ExternalCookie.ExpireTimeSpan = TimeSpan.FromHours(8); 
       o.Cookies.ApplicationCookie.ExpireTimeSpan = TimeSpan.FromHours(8); 
      }) 
      .AddEntityFrameworkStores<ApplicationDbContext>() 
      .AddDefaultTokenProviders(); 


     app.UseIdentityServer(); 

     app.UseIdentityServerAuthentication(new IdentityServerAuthenticationOptions 
     { 
      Authority = $"http://localhost:55504/", 
      RequireHttpsMetadata = false, 
      AllowedScopes = 
      { 
       IdentityServerConstants.StandardScopes.OpenId, 
       IdentityServerConstants.StandardScopes.Profile, 
       IdentityServerConstants.StandardScopes.Email, 
       "name", 
       "given_name", 
       "family_name", 
       "role" 
      } 
     }); 

     var googleOptions = serviceProvider.GetRequiredService<GoogleOptions>(); 
     app.UseGoogleAuthentication(new GoogleOptions 
     { 
      AuthenticationScheme = "Google", 
      SignInScheme = "Identity.External", 
      ClientId = googleOptions.ClientId, 
      ClientSecret = googleOptions.ClientSecret 
     }); 
+0

可能的复制[Cookie身份验证在ASP.NET Core中过期过早](https://stackoverflow.com/questions/45595615/c ookie-authentication-expiring-too-soon-in-asp-net-core) – SteelToe

+0

你在哪里以及如何托管你的应用程序? IIS? Azure应用服务?然后,您需要启用数据保护,因此您的Cookie的加密密钥在应用程序重新启动后仍然存在。请参阅[我的答案](https://stackoverflow.com/a/47559544/455493) – Tseng

回答

0

这个问题\答案是特定于Identity Server的4

你会做这样的事情在你的配置:

app.UseGoogleAuthentication(new GoogleOptions 
{ 
    SignInScheme = "Identity.External", // this is the name of the cookie middleware registered by UseIdentity() 
    ClientId = Configuration["ExternalAuthentication:Google:ClientId"], 
    ClientSecret = Configuration["ExternalAuthentication:Google:ClientSecret"] 
}); 

app.UseIdentityServerAuthentication(new IdentityServerAuthenticationOptions 
{ 
    Authority = $"http://localhost:55504/", 
    RequireHttpsMetadata = false, 
    AllowedScopes = 
    { 
     IdentityServerConstants.StandardScopes.OpenId, 
     IdentityServerConstants.StandardScopes.Profile, 
     IdentityServerConstants.StandardScopes.Email, 
     "name", 
     "given_name", 
     "family_name", 
     "role" 
    } 
     // CookieLifetime default is 10 Hours 
     Authentication.CookieLifetime = TimeSpan.FromHours(24); 

     // Default CookieSlidingExpiration = false; 
     Authentication.CookieSlidingExpiration = true; 
}); 

,并在您ConfigureServices

// Identity 
    // https://docs.microsoft.com/en-us/aspnet/core/security/authentication/identity 
    // http://docs.identityserver.io/en/release/quickstarts/6_aspnet_identity.html 
    services.AddIdentity<ApplicationUser, IdentityRole>(o => { 
      // configure identity options 
      o.Password.RequireDigit = false; 
      o.Password.RequireLowercase = false; 
      o.Password.RequireUppercase = false; 
      o.Password.RequireNonAlphanumeric = false; 
      o.Password.RequiredLength = 6; 
     }) 
      .AddEntityFrameworkStores<AuthDbContext>() 
      .AddDefaultTokenProviders(); 
+0

当应用程序回收并且加密密钥丢失并且在下次启动时生成新的加密密钥时,这将无济于事 – Tseng

+0

I坦率地说,袖口答案。但是,我将使用当前正在服务器重新启动之间工作的代码更新我的答案,使用MS Identity和IdentityServer 4托管在Azure上的Google OAuth。名称“Idenity”是其代码中2个独立软件包的一部分。 – ttugates

+0

通过来自IS4的令牌工作流程不会发生此问题,它通过OOB AccountController和CookieAuthentication - 我将尝试禁用IS4并查看错误是否仍然存在。 –