I'm working on an MVC6 ASP.Net5 project, and am having trouble with .Net Identity persisting my authentication cookie on login.

I am using a custom user store, this is an existing DB with existing stored procedures etc...

My SignIn method is an extension on my User object, and is as follows.

```csharp
public static async Task SignIn(this UserModel Model, UserManager<UserModel> UserManager, SignInManager<UserModel> SignInManager, bool RemeberMe = true)
{
    var Claims = new List<Claim>();
    Claims.Add(new Claim("UserID", Model.UserID.ToString()));
    Claims.Add(new Claim("Username", Model.Username));

    await UserManager.AddClaimsAsync(Model, Claims);

    await SignInManager.SignInAsync(Model, new AuthenticationProperties { IsPersistent = RemeberMe, AllowRefresh = true });
}
```

This works, and a cookie is added with an expiration date in the future.

The issue I am having is that even though the Identity cookie is set for long in the future, after 20ish minutes of inactivity, I am forced to re-login. This makes me think something is timing out, but I'm very new to Identity, and am not sure what I'm doing wrong (or really even where to start).

EDIT : this is my custom GetSecurityStampAsync in the custom user store. I know this isn't secure or even really doing anything currently, but I'm just trying to figure out what the problem is right now. I plan on refactoring it later once it's working.

```csharp
public Task<string> GetSecurityStampAsync(UserModel user, CancellationToken cancellationToken)
{
    return Task.FromResult(user.UserID.ToString() + user.Username);
}
```

mituw16

1 Answer

Make sure that you've set your timeouts according to your requirements. There are two timeout configurations (ExpireTimeSpan and ValidateInterval) in Identity 2.1 that can affect how long a user can stay logged in. You can configure them using:

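```csharp
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    Provider = new CookieAuthenticationProvider
    {
        // Re-check the user's security stamp against the store every 15 minutes.
        // GenerateUserIdentityAsync is the method the default project template
        // defines on ApplicationUser.
        OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
            validateInterval: TimeSpan.FromMinutes(15),
            regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
    },
    // Lifetime of the authentication ticket carried in the cookie.
    ExpireTimeSpan = TimeSpan.FromMinutes(30)
});
```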

That is explained more in this article - a little dated but should still apply for the most recent version of ASP.NET Core that has been released at this time of writing (rc1).

If you're using session, it could also be that your session is just timing out or is cleared.

By default you get an in-memory cache. As soon as the process is restarted, you will lose your session objects. You need to use a persistent storage for your session objects.

If you're using SQL Server, here's a good article to get you started.

Dealdiane
  • Uhhm.. care to explain the down vote? I do think that this is a very relevant answer to the question.. – Dealdiane Feb 09 '16 at 22:01
  • I was not the one who downvoted, so I'm not sure where that came from. That article is interesting, but I'm not using sessions (don't have it as middleware). – mituw16 Feb 10 '16 at 11:48
  • @mituw16 Ahh..gotcha.. what does your GetSecurityStampAsync look like in your custom store? – Dealdiane Feb 10 '16 at 20:26
  • I know this isn't secure, but I'm just trying to get it working currently. I'll come back and change it once I understand what the problem is. I've edited my question to post that method – mituw16 Feb 11 '16 at 12:41
  • Huh, this is interesting. In debugging, it appears that at some point, I haven't been able to figure out when yet, my persisted cookie gets replaced with a new cookie that is a session cookie. – mituw16 Feb 11 '16 at 13:24
  • @mituw16 Maybe [this](http://www.jamessturtevant.com/posts/ASPNET-Identity-Cookie-Authentication-Timeouts/) can help you – Dealdiane Feb 12 '16 at 02:28
  • The article you linked in your previous comment solved it! I didn't realize that even though I had set persist to `true`, the cookie was still being marked as expired after some time. The documentation on .Net 5 is still pretty sparse, and I couldn't find anything about that from previous versions of Identity (but I didn't know what to search for either, lol). If you edit your answer, I'll happily accept it :) – mituw16 Feb 12 '16 at 13:05
  • @mituw16 Great that that helped you. I've updated my answer. – Dealdiane Feb 12 '16 at 14:36
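
The two settings the answer names, set through the Identity options of an ASP.NET 5 project instead of the Identity 2.x OWIN middleware shown in the answer. This is an added example, not code from the question, the answer or the linked article; it assumes the `IdentityOptions` shape of the rc1 packages, `RoleModel`, `CustomUserStore` and `CustomRoleStore` are hypothetical names for the custom-store types, and the time values are sample values.

```csharp
using System;
using Microsoft.AspNet.Identity;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        // UserModel is the question's user type. RoleModel, CustomUserStore and
        // CustomRoleStore are hypothetical placeholders for the project's own types.
        services.AddIdentity<UserModel, RoleModel>(options =>
        {
            // Lifetime of the authentication ticket inside the cookie. With
            // IsPersistent = true the browser keeps the cookie until this time;
            // the server also rejects the ticket once it has passed.
            options.Cookies.ApplicationCookie.ExpireTimeSpan = TimeSpan.FromDays(14);

            // Re-issue the cookie on activity so that active users are not
            // signed out in the middle of a session.
            options.Cookies.ApplicationCookie.SlidingExpiration = true;

            // How often the stamp stored in the cookie is compared with the value
            // returned by GetSecurityStampAsync in the user store. A shorter interval
            // revokes cookies sooner after the stamp changes (password change,
            // "sign out everywhere") at the cost of more store lookups.
            options.SecurityStampValidationInterval = TimeSpan.FromMinutes(30);
        })
        .AddUserStore<CustomUserStore>()
        .AddRoleStore<CustomRoleStore>()
        .AddDefaultTokenProviders();
    }
}
```

The stamp comparison can only revoke a cookie if the stored stamp actually changes; a value derived from fixed fields, like the placeholder `GetSecurityStampAsync` in the question, never does.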