in asp.net core mvc app lifetime of authentication cookie set 'session', lasts until close browser. use default authentication scheme mvc:
app.useidentity();
how can extend lifetime of cookie?
the asp.net identity middleware using wraper around calls usecookieauthentication
includes cookie authentication middleware on pipeline. can seen on source code builder extensions of identity middleware here on github. in case options needed configure how underlying cookie authentication should work encapsulated on identityoptions
, configured when setting dependency injection.
indeed, looking @ source code linked can see following run when call app.useidentity()
:
var options = app.applicationservices.getrequiredservice<ioptions<identityoptions>>().value; app.usecookieauthentication(options.cookies.externalcookie); app.usecookieauthentication(options.cookies.twofactorremembermecookie); app.usecookieauthentication(options.cookies.twofactoruseridcookie); app.usecookieauthentication(options.cookies.applicationcookie); return app;
to setup identityoptions
class, addidentity<tuser, trole>
method has 1 overloaded version allows configure options 1 lambda. have pass in lambda configure options. in case access cookies
properties of options class , configure applicationcookie
desired. change time span like
services.addidentity<applicationuser, identityrole>(options => { options.cookies.applicationcookie.expiretimespan = timespan.fromhours(1); });
edit: expiretimespan
property used if when calling httpcontext.authentication.signinasync
pass in instance of authenticationproperties
ispersistent
set true
.
trying out cookie authentication middleware turns out works: if sign in without option, cookie lasts session, if send cookie lasts setup when configuring middleware.
with asp.net identity way pass parameter ispersistent
of passwordsigninasync
value true
. ends being call signinasync
of httpcontext
passing in authenticationproperties
ispersistent
set true. call ends being like:
var result = await _signinmanager.passwordsigninasync(model.email, model.password, model.rememberme, lockoutonfailure: false);
where rememberme
configures if setting ispersistent
true or false.
Comments
Post a Comment