Asp.Net MVC核心和标识3
问题描述:
我有一个使用vnext/core 1.0的站点设置,它使用Identity 3进行身份验证。我可以创建用户,我可以更改密码,我可以很好地登录。问题是,它似乎忽略了ExpireTimespan属性,因为我在一段时间后被随机踢出了应用程序,而我正在努力达到它的底部。Asp.Net MVC核心和标识3
我有我自己的userstore和的UserManager
public IServiceProvider ConfigureServices(IServiceCollection services)
{
...
services.AddIdentity<Domain.Models.User, Domain.Models.UserRole>()
.AddUserStore<UserStore>()
.AddRoleStore<RoleStore>()
.AddUserManager<MyUserManager>()
.AddDefaultTokenProviders();
...
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
...
app.UseMyIdentity();
...
}
public static IApplicationBuilder UseMyIdentity(this IApplicationBuilder app)
{
if (app == null)
{
throw new ArgumentNullException(nameof(app));
}
var marker = app.ApplicationServices.GetService<IdentityMarkerService>();
if (marker == null)
{
throw new InvalidOperationException("MustCallAddIdentity");
}
var options = app.ApplicationServices.GetRequiredService<IOptions<IdentityOptions>>().Value;
app.UseCookieAuthentication(options.Cookies.ExternalCookie);
app.UseCookieAuthentication(options.Cookies.TwoFactorRememberMeCookie);
app.UseCookieAuthentication(options.Cookies.TwoFactorUserIdCookie);
CookieAuthenticationOptions appCookie = options.Cookies.ApplicationCookie;
appCookie.LoginPath = new Microsoft.AspNet.Http.PathString("/Login");
appCookie.SlidingExpiration = true;
appCookie.ExpireTimeSpan = TimeSpan.FromHours(8);
appCookie.CookieName = "MyWebApp";
app.UseCookieAuthentication(appCookie);
return app;
}
登录控制器
var user = await userManager.FindByNameAsync(model.Username);
if (user != null)
{
SignInResult result = await signInManager.PasswordSignInAsync(user, model.Password, false, false);
if (result.Succeeded)
{
RedirectToActionPermanent("Index", "Home");
}
}
答
见我的问题在这里:经历了 ASP.NET Core 1.0 - MVC 6 - Cookie Expiration
我遇到了同样的问题,花了几个小时在github上的aspnet身份验证的操作系统代码:-)
您的自定义UserManager必须执行Get/UpdateSecurityStampAsync
public class MyUserManager:UserManager<MinervaUser>
{
...
public override bool SupportsUserSecurityStamp
{
get
{
return true;
}
}
public override async Task<string> GetSecurityStampAsync(MinervaUser user)
{
// Todo: Implement something useful here!
return "Token";
}
public override async Task<IdentityResult> UpdateSecurityStampAsync(MinervaUser user)
{
// Todo: Implement something useful here!
return IdentityResult.Success;
}
感谢回复@mcb。我最终设置了自己的ClaimsIdentity,结果比使用身份更简单和容易,他们在mvc6方面做得非常好:https://docs.asp.net/en/latest/security/authentication/cookie .html – Phil
是的,从昨天开始,RC2就有文档[链接](https://docs.asp.net/en/latest/security/authentication/cookie.html)。仍然不会介意,如果你接受答案:-) – mcb