I am using Identity 2.1 in my MVC5 app. I am setting the isPersistent property of the PasswordSignInAsync to true to enable 'Remember Me':
var result = await SignInManager.PasswordSignInAsync(model.Username,
model.Password,
true,
shouldLockout: false);
But if I stay logged in overnight, then when I refresh the page in the morning, it logs me out and I have to sign in again. How do I prevent automatic logging out until the user manually logs out?
Is it something to do with the Cookie Authentication that identity uses? I don't really understand the CookieAuthenticationOptions that are set in Startup.Auth.cs.
new CookieAuthenticationProvider
{
OnValidateIdentity = SecurityStampValidator
.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
validateInterval: TimeSpan.FromMinutes(30),
regenerateIdentity: (manager, user)
=> user.GenerateUserIdentityAsync(manager))
}
I think you should read this article . There are two different intervals: ValidateInterval and ExpireTimeSpan. And in your case i think you should change the expireTimeSpan, not the ValidateInterval.
There is an explanation for TimeSpan parameter in similar question. Simply use the infinite cookies, like this:
OnValidateIdentity = SecurityStampValidator
.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
validateInterval: TimeSpan.FromMinutes(0),
regenerateIdentity: (manager, user)
=> user.GenerateUserIdentityAsync(manager))
This is also needed for it to work correctly:
Call
await UserManager.UpdateSecurityStampAsync(userId);
before
AuthenticationManager.SignOut();
I should write more. This strange code:
OnValidateIdentity = SecurityStampValidator
.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
validateInterval: TimeSpan.FromMinutes(0),
regenerateIdentity: (manager, user)
=> user.GenerateUserIdentityAsync(manager))
was causing my app to lost cookie after 1 day. I really don`t know why, but after excluding this code and adding a mashine key to my web.config "remember me" future is finally working right.
My current code is:
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
ExpireTimeSpan = TimeSpan.FromDays(5)
});
Form this post, the isPersistent parameter sets whether the authentication session is persisted across multiple requests.
来源:https://stackoverflow.com/questions/27789407/asp-net-identity-2-remember-me-user-is-being-logged-out