ASP.NET Identity 2 Remember Me - User Is Being Logged Out

问题

I am using Identity 2.1 in my MVC5 app. I am setting the isPersistent property of the PasswordSignInAsync to true to enable 'Remember Me':

var result = await SignInManager.PasswordSignInAsync(model.Username, 
  model.Password, 
  true, 
  shouldLockout: false);

But if I stay logged in overnight, then when I refresh the page in the morning, it logs me out and I have to sign in again. How do I prevent automatic logging out until the user manually logs out?

Is it something to do with the Cookie Authentication that identity uses? I don't really understand the CookieAuthenticationOptions that are set in Startup.Auth.cs.

new CookieAuthenticationProvider
{  
   OnValidateIdentity = SecurityStampValidator
      .OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
      validateInterval: TimeSpan.FromMinutes(30),
      regenerateIdentity: (manager, user)
      => user.GenerateUserIdentityAsync(manager))
}

回答1:

I think you should read this article . There are two different intervals: ValidateInterval and ExpireTimeSpan. And in your case i think you should change the expireTimeSpan, not the ValidateInterval.

回答2:

There is an explanation for TimeSpan parameter in similar question. Simply use the infinite cookies, like this:

OnValidateIdentity = SecurityStampValidator
  .OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
  validateInterval: TimeSpan.FromMinutes(0),
  regenerateIdentity: (manager, user)
  => user.GenerateUserIdentityAsync(manager))

This is also needed for it to work correctly:

Call

await UserManager.UpdateSecurityStampAsync(userId);

before

AuthenticationManager.SignOut(); 

回答3:

I should write more. This strange code:

OnValidateIdentity = SecurityStampValidator
  .OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
  validateInterval: TimeSpan.FromMinutes(0),
  regenerateIdentity: (manager, user)
  => user.GenerateUserIdentityAsync(manager))

was causing my app to lost cookie after 1 day. I really don`t know why, but after excluding this code and adding a mashine key to my web.config "remember me" future is finally working right.

My current code is:

app.UseCookieAuthentication(new CookieAuthenticationOptions
{
   AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
   LoginPath = new PathString("/Account/Login"),
   ExpireTimeSpan = TimeSpan.FromDays(5)
});

回答4:

Form this post, the isPersistent parameter sets whether the authentication session is persisted across multiple requests.

来源：https://stackoverflow.com/questions/27789407/asp-net-identity-2-remember-me-user-is-being-logged-out