0

I'm got a site setup using vnext/core 1.0 that uses Identity 3 for authentication. I can create users, I can change passwords, I can login fine. The issue is, it appears to be ignoring the ExpireTimespan property as I'm randomly kicked out of the app after a certain amount of time and I'm struggling to get to the bottom of it.

I have my own userstore and usermanager

public IServiceProvider ConfigureServices(IServiceCollection services)
{
    ...

  services.AddIdentity<Domain.Models.User, Domain.Models.UserRole>()
                .AddUserStore<UserStore>()
                .AddRoleStore<RoleStore>()
                .AddUserManager<MyUserManager>()                
                .AddDefaultTokenProviders();

  ...

}

 public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
        {
...

app.UseMyIdentity();

...
}


public static IApplicationBuilder UseMyIdentity(this IApplicationBuilder app)
        {
            if (app == null)
            {
                throw new ArgumentNullException(nameof(app));
            }

            var marker = app.ApplicationServices.GetService<IdentityMarkerService>();
            if (marker == null)
            {
                throw new InvalidOperationException("MustCallAddIdentity");
            }

            var options = app.ApplicationServices.GetRequiredService<IOptions<IdentityOptions>>().Value;

            app.UseCookieAuthentication(options.Cookies.ExternalCookie);
            app.UseCookieAuthentication(options.Cookies.TwoFactorRememberMeCookie);
            app.UseCookieAuthentication(options.Cookies.TwoFactorUserIdCookie);
            CookieAuthenticationOptions appCookie = options.Cookies.ApplicationCookie;

            appCookie.LoginPath = new Microsoft.AspNet.Http.PathString("/Login");
            appCookie.SlidingExpiration = true;
            appCookie.ExpireTimeSpan = TimeSpan.FromHours(8);
            appCookie.CookieName = "MyWebApp";

            app.UseCookieAuthentication(appCookie);
            return app;
        }

Login controller

var user = await userManager.FindByNameAsync(model.Username);

            if (user != null)
            {
                SignInResult result = await signInManager.PasswordSignInAsync(user, model.Password, false, false);

                if (result.Succeeded)
                {
                    RedirectToActionPermanent("Index", "Home");
                }                   
            }
blowdart
  • 55,577
  • 12
  • 114
  • 149
Phil
  • 1,609
  • 12
  • 24

1 Answers1

0

See my problem here: ASP.NET Core 1.0 - MVC 6 - Cookie Expiration

I ran into the same problem and spent hours going through the OS-code of aspnet Identity on github :-)

Your custom UserManager has to implement Get/UpdateSecurityStampAsync

public class MyUserManager:UserManager<MinervaUser> 
{
...
    public override bool SupportsUserSecurityStamp
    {
        get
        {
            return true;
        }
    }
    public override async Task<string> GetSecurityStampAsync(MinervaUser user)
    {
        // Todo: Implement something useful here!
        return "Token";
    }

    public override async Task<IdentityResult> UpdateSecurityStampAsync(MinervaUser user)
    {
        // Todo: Implement something useful here!
        return IdentityResult.Success;
    }
mcb
  • 194
  • 2
  • 8
  • thanks for the reply @mcb. I ended up setting my own ClaimsIdentity which turned out to be much simpler and easier than using identity, they've done a really good job with mvc6: https://docs.asp.net/en/latest/security/authentication/cookie.html – Phil May 23 '16 at 12:15
  • Yeah, since yesterday it is documented [link](https://docs.asp.net/en/latest/security/authentication/cookie.html) for RC2. Still wouldn't mind if you accept the answer :-) – mcb May 23 '16 at 17:25