0

I have a problem with ASP.NET Core Identity in a web farm. When a user logs in to the website, an authentication cookie is set in the browser. It works correctly on localhost, but in the web farm, after a little time (for example 2 minutes), this cookie expires and the user is logged out, even though I set the expiry time to more than 30 days!

In ASP.NET MVC this problem is solved by setting a machine key in Web.config, but in ASP.NET Core I don't know the answer.

Please help me. Thank you.

    services.AddAuthentication(options =>
    {
        options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    }).AddCookie(options =>
    {
        options.Cookie.Name = "eShop_Authentication";
        options.ExpireTimeSpan = TimeSpan.FromDays(30);
        options.LoginPath = "/auth/sign-in";
        options.LogoutPath = "/auth/sign-out";
    });

And the account controller, login action:

    // TODO ---> Set Authentication Cookie

    var claims = new List<Claim>()
    {
        new Claim(ClaimTypes.NameIdentifier, user.UserId.ToString()),
        new Claim(ClaimTypes.Name, user.UserName)
    };

    var identity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);

    var principal = new ClaimsPrincipal(identity);

    var properties = new Microsoft.AspNetCore.Authentication.AuthenticationProperties()
    {
        IsPersistent = login.RememberMe,
        AllowRefresh = true,
        ExpiresUtc = DateTimeOffset.Now.AddDays(30),
    };

    // SignInAsync returns a Task; await it (in an async action) so the cookie
    // is written before the response is sent and any failure surfaces here.
    await HttpContext.SignInAsync(
        CookieAuthenticationDefaults.AuthenticationScheme, principal, properties);
AYHAN
  • Hey Ayman, did you find the explanation here useful? https://learn.microsoft.com/en-us/aspnet/core/fundamentals/app-state?view=aspnetcore-3.1 – Shree Harsha Apr 30 '20 at 04:15
  • The problem could be that the signing key of the cookie is not set, and the identity middleware is using a default random value. You should provide more information on how you set up the authentication middleware, or look out for a signing key in your code. E.g., in my code, I use the `TokenValidationParameters` class, and set the `IssuerSigningKeys` property with a random value coming from configuration, like this: `var signingKeys = new[] {new SymmetricSecurityKey(ComputeSigningKey(options.SigningKey))};`. This is just an example, though. If you need help, we need more information. – Alberto Chiesa Apr 30 '20 at 06:39
  • https://stackoverflow.com/a/56297702/880875 – Deepak Mishra Apr 30 '20 at 07:40
  • Hi there, make sure you also either have sticky sessions (via load balancer) or if not, have your session state stored out of proc in either the same state server, or via another service like Redis. Otherwise, your session may exist on one server, but when routed to another server, you may not be able to get your session. – Markuzy Apr 30 '20 at 18:36

1 Answer

1

Finally I fixed it with this code in Startup:

            services.AddDataProtection().PersistKeysToFileSystem(new DirectoryInfo(Path.Combine(Directory.GetCurrentDirectory(), "wwwroot/Keys")));
AYHAN
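The answer above works because every node then reads the same Data Protection key ring, which is what encrypts and signs the authentication cookie. The sketch below is an added example, not the answerer's code: it keeps the key ring out of `wwwroot` (files there are reachable through the static file middleware), pins a common application name, and optionally encrypts keys at rest. The extension name `AddSharedKeyRing`, the configuration keys `DataProtection:KeyRingPath` and `DataProtection:CertificateThumbprint`, and the application name `eShop` are assumptions made for illustration.

```csharp
using System;
using System.IO;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

public static class SharedKeyRingExtensions
{
    // Hypothetical helper: registers Data Protection with a key ring shared by all farm nodes.
    public static IServiceCollection AddSharedKeyRing(
        this IServiceCollection services, IConfiguration config, IWebHostEnvironment env)
    {
        // Assumed setting: a directory every node can reach (e.g. a network share).
        var configured = config["DataProtection:KeyRingPath"]
            ?? throw new InvalidOperationException("DataProtection:KeyRingPath is not configured.");

        var keyDir = Normalize(configured);
        var webRoot = Normalize(env.WebRootPath ?? Path.Combine(env.ContentRootPath, "wwwroot"));

        // Refuse a key ring inside the web root: the key XML files would be
        // downloadable, and anyone holding them can forge authentication cookies.
        if (keyDir.Equals(webRoot, StringComparison.OrdinalIgnoreCase) ||
            keyDir.StartsWith(webRoot + Path.DirectorySeparatorChar, StringComparison.OrdinalIgnoreCase))
        {
            throw new InvalidOperationException(
                $"Key ring path '{keyDir}' is inside the web root '{webRoot}'.");
        }

        var builder = services.AddDataProtection()
            // Nodes only share protected payloads when the application name matches.
            .SetApplicationName("eShop") // assumed name
            .PersistKeysToFileSystem(new DirectoryInfo(keyDir));

        // Optional: encrypt keys at rest with a certificate installed on every node.
        var thumbprint = config["DataProtection:CertificateThumbprint"];
        if (!string.IsNullOrEmpty(thumbprint))
        {
            builder.ProtectKeysWithCertificate(thumbprint);
        }

        return services;
    }

    // Full path without a trailing separator, so prefix comparison is reliable.
    private static string Normalize(string path) =>
        Path.GetFullPath(path).TrimEnd(Path.DirectorySeparatorChar, Path.AltDirectorySeparatorChar);
}
```

Call it from `ConfigureServices`, passing the `IWebHostEnvironment` injected into `Startup`. Restrict the directory's ACL to the application's service account on each node.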