2

I've recently started changing one of my projects over to asp .net identity 2 from my home grown authentication. I've got an issue with it though which is affecting the users. For one reason or another in development or production it seems to be logging people out with no real pattern or explanation.

I'm using just regular CookieAuthentication with custom identity tables in the database with a custom UserManager and RoleManager so I can use Int32 for the PK instead of string, pretty straight forward.

This is the configuration I'm using in my startup file.

        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Account/Login"),
            SlidingExpiration = true,
            ExpireTimeSpan = TimeSpan.FromHours(1),
            Provider = new CookieAuthenticationProvider
            {
                OnApplyRedirect = ctx => 
                {
                    if (!ctx.Request.Path.StartsWithSegments(new PathString("/api")) && !ctx.Request.Path.StartsWithSegments(new PathString("/service")))
                    {
                        ctx.Response.Redirect(ctx.RedirectUri);
                    }
                },
                OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<CustomUserManager, WebAccount, int>
                (
                     validateInterval: TimeSpan.FromMinutes(30),
                     regenerateIdentityCallback: (manager, user) => user.GenerateUserIdentityAsync(manager),
                     getUserIdCallback: (id) => (Int32.Parse(id.GetUserId()))
                )
            }
        });

I've seen it where people are editing some data via a form and in the time from loading the form to clicking save they have been logged out and redirected to the login page, losing there changes.

I cant quite figure out why it would be doing this so if anyone could shed some light it would be much appreciated!

Thanks in advance!

tereško
  • 58,060
  • 25
  • 98
  • 150
Richard Adnams
  • 3,128
  • 2
  • 22
  • 30
  • By any chance are there requests (e.g. for images) that are being made on your page that are being kicked out as not passing your authentication (e.g. has the cookie been removed after the page has been GOT but before the form has posted). – Paddy Oct 03 '14 at 11:25
  • If you experience random-ish logouts, it can be pretty much anything which doesn't automatically has something to do with the authentication itself either. You'll need to debug by adding logging in various places (for example, do you have a log out function which might be called erroneously?), check up on server logs/IIS logs and all those things. It sounds like the needle in the haystack, but you need to identify the haystack first :) – Allan S. Hansen Oct 03 '14 at 11:46
  • Yeah I've checked through places that might have logic to logout people out but there is nothing that logs people out per say they just get redirect to a different page. I just figured with it working prior to using asp identity then it must be something to do with this, I'll keep digging and setting up more logging see if I can find anything else in the meantime :-) – Richard Adnams Oct 03 '14 at 12:27
  • Is there any chance a 403 status response could trigger identity to log users out? – Richard Adnams Oct 03 '14 at 12:28
  • Possible duplicate of [C# Asp.net mvc identity, users logging out very quickly](https://stackoverflow.com/questions/36262443/c-sharp-asp-net-mvc-identity-users-logging-out-very-quickly) – d219 Aug 06 '18 at 23:24

0 Answers0