Azure 身份验证 .net MVC 超时设置
在搜索了这个问题的答案后,我找不到任何延长登录用户超时的方法。旧版 .net 框架项目 4.7,带有 Microsoft.OWIN 包的 ASP.NET mvc。 登录过程似乎工作正常。 一小时后,即使在使用该网站时,我也会被重定向到微软登录页面。滑动过期没有任何作用。 我需要更改哪些设置或技巧才能使会话持续更长时间?
预期的行为是,通过导航使用该站点,会话将保持活动状态,甚至有模式提示来继续会话,而不会因重定向而丢失任何正在进行的内容。
public void ConfigureAuth(IAppBuilder app)
{
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions()
{
CookieManager = new SystemWebCookieManager(),
SlidingExpiration = true
});
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
ClientId = clientId,
Authority = AuthenticationConfig.Authority,
Scope = $"openid email profile offline_access {graphScopes}",
RedirectUri = redirectUri,
PostLogoutRedirectUri = postLogoutRedirectUri,
TokenValidationParameters = new TokenValidationParameters()
{
ValidateIssuer = true,
ValidIssuer = tenant,
NameClaimType = "name",
},
Notifications = new OpenIdConnectAuthenticationNotifications
{
RedirectToIdentityProvider = OnRedirectToIdentityProvider,
SecurityTokenValidated = OnSecurityTokenValidated,
AuthenticationFailed = OnAuthenticationFailed,
AuthorizationCodeReceived = OnAuthorizationCodeReceived
}
});
}
having searched for the answer to this I cant find any way of extending the timeout for a logged in user. legacy .net framework project 4.7, ASP.NET mvc with Microsoft.OWIN packages.
The login process appears to work ok.
After an hour I get redirected to the microsoft login page even when using the site. sliding expiration does nothing.
What settings or techniques do I change to make the session last longer?
The expected behaviour is that the session would be kept alive by using the site by navigating or even having a modal prompt to continue the session would work without losing anything that is in progress by being redirected.
public void ConfigureAuth(IAppBuilder app)
{
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions()
{
CookieManager = new SystemWebCookieManager(),
SlidingExpiration = true
});
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
ClientId = clientId,
Authority = AuthenticationConfig.Authority,
Scope = quot;openid email profile offline_access {graphScopes}",
RedirectUri = redirectUri,
PostLogoutRedirectUri = postLogoutRedirectUri,
TokenValidationParameters = new TokenValidationParameters()
{
ValidateIssuer = true,
ValidIssuer = tenant,
NameClaimType = "name",
},
Notifications = new OpenIdConnectAuthenticationNotifications
{
RedirectToIdentityProvider = OnRedirectToIdentityProvider,
SecurityTokenValidated = OnSecurityTokenValidated,
AuthenticationFailed = OnAuthenticationFailed,
AuthorizationCodeReceived = OnAuthorizationCodeReceived
}
});
}
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
在启动类中尝试使用
ex:
如果 SlidingExpiration 设置为 true 。例如,如果用户登录并在 19 分钟后发出第二个请求,则 cookie 将重新发出 30 分钟。
尝试更改 web.config 中的会话超时值。例如,
web.config中的代码。在某些情况下,即使增加会话超时,会话仍然会过期。
一些可能的原因可能是。
会话超时应小于应用程序池空闲超时,因此如果增加会话超时,则也必须增加应用程序空闲超时。否则,应用程序将被回收。因此会话将自动过期。
请注意,如果您使用表单身份验证,则还需要在 web.config 中增加表单超时:
另请检查 根据需要配置令牌生命周期
参考:
In startup class try to use
ex:
If SlidingExpiration is set to true . For example, if the user logged in and made a second request 19 minutes later the cookie will be re-issued for another 30 minutes.
Try changing session timeout value in web.config. For example, code in
web.configunder<system.web>namespace.In some cases,even when session timeout is increased, session will still expire.
some possible reasons might be.
session timeout should be less than Application pool idle timeout, so if you increase session timeout, you have to increase application idle timeout too. Otherwise, application will get recycled. Hence sessions will expire automatically.
note that if you use Forms Authentication, you'll need to increase forms timeout too in web.config :
Also please check Configure token lifetime if needed
References: