ASP.NET Core MVC: setting expiration of identity cookie


In my ASP.NET Core MVC app the lifetime of the authentication cookie is set to 'Session', so it lasts until I close the browser. I use the default authentication scheme for MVC:

app.UseIdentity();

How can I extend the lifetime of the cookie?

The ASP.NET Identity middleware you are using is a wrapper around calls to UseCookieAuthentication, which includes the cookie authentication middleware on the pipeline. This can be seen in the source code for the builder extensions of the Identity middleware here on GitHub. In that case, the options needed to configure how the underlying cookie authentication should work are encapsulated in IdentityOptions and configured when setting up dependency injection.

Indeed, looking at the source code I linked to, you can see that the following is run when you call app.UseIdentity():

var options = app.ApplicationServices.GetRequiredService<IOptions<IdentityOptions>>().Value;
app.UseCookieAuthentication(options.Cookies.ExternalCookie);
app.UseCookieAuthentication(options.Cookies.TwoFactorRememberMeCookie);
app.UseCookieAuthentication(options.Cookies.TwoFactorUserIdCookie);
app.UseCookieAuthentication(options.Cookies.ApplicationCookie);
return app;

To set up the IdentityOptions class, the AddIdentity<TUser, TRole> method has one overloaded version that allows you to configure the options with one lambda. You just have to pass in a lambda to configure the options. In this case you access the Cookies properties of the options class and configure the ApplicationCookie as desired. To change the time span you do something like

services.AddIdentity<ApplicationUser, IdentityRole>(options =>
{
    options.Cookies.ApplicationCookie.ExpireTimeSpan = TimeSpan.FromHours(1);
});

Edit: The ExpireTimeSpan property is used if, when calling HttpContext.Authentication.SignInAsync, we pass in an instance of AuthenticationProperties with IsPersistent set to true.

Trying it out with just the cookie authentication middleware, it turns out this works: if we sign in without this option, we get a cookie that lasts for the session; if we send it, we get a cookie that lasts for what we set up when configuring the middleware.

With ASP.NET Identity the way to do it is to pass the parameter isPersistent of PasswordSignInAsync with the value true. This ends up being a call to SignInAsync of the HttpContext, passing in the AuthenticationProperties with IsPersistent set to true. The call ends up being something like:

var result = await _signInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, lockoutOnFailure: false);

Where RememberMe configures whether we are setting IsPersistent to true or false.
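
The session-versus-persistent behaviour described in the edit, reproduced with only the cookie authentication middleware (an added example, not code from the answer or from the Identity project). It assumes the ASP.NET Core 1.x API used on this page; the scheme name, the /login paths and the user name are constructed for the demonstration.

```csharp
using System;
using System.Security.Claims;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Http.Authentication;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    private const string Scheme = "DemoCookie"; // constructed scheme name

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddAuthentication(); // data protection and encoders the middleware needs
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationScheme = Scheme,
            AutomaticAuthenticate = true,
            ExpireTimeSpan = TimeSpan.FromHours(1), // same value as in the answer
            SlidingExpiration = false               // do not renew the cookie on activity
        });

        app.Run(async context =>
        {
            var path = context.Request.Path;
            if (path.StartsWithSegments("/login"))
            {
                var identity = new ClaimsIdentity(
                    new[] { new Claim(ClaimTypes.Name, "demo-user") }, Scheme);
                // GET /login/persistent -> Set-Cookie carries "expires=" one hour ahead.
                // GET /login            -> no "expires=", the browser drops it on close.
                var props = new AuthenticationProperties
                {
                    IsPersistent = path.StartsWithSegments("/login/persistent")
                };
                await context.Authentication.SignInAsync(Scheme, new ClaimsPrincipal(identity), props);
                await context.Response.WriteAsync("signed in, persistent=" + props.IsPersistent);
                return;
            }
            await context.Response.WriteAsync("user: " + (context.User.Identity.Name ?? "(anonymous)"));
        });
    }

    public static void Main() =>
        new WebHostBuilder().UseKestrel().UseStartup<Startup>().Build().Run();
}
```

Compare the Set-Cookie response header of the two login paths in the browser's developer tools to see the difference.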

