7

I have IdentityServer4 with Angular. Every 5 minutes the token is silently refreshed. But after 30 minutes the user is automatically logged out. I was trying to set the lifetime of the cookies somehow, without any success.

This is my current configuration:

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddDbContext<AppIdentityDbContext>(options => options.UseSqlServer(Configuration.GetConnectionString("Identity")));

        services.AddIdentity<AppUser, IdentityRole>(options =>
            {
                options.Password.RequiredLength = 6;
                options.Password.RequireLowercase = false;
                options.Password.RequireUppercase = false;
                options.Password.RequireNonAlphanumeric = false;
                options.Password.RequireDigit = false;
                options.SignIn.RequireConfirmedEmail = true;
                options.User.RequireUniqueEmail = true;
                options.User.AllowedUserNameCharacters = null;
            })
            .AddEntityFrameworkStores<AppIdentityDbContext>()
            .AddDefaultTokenProviders();

        services.AddIdentityServer(options => options.Authentication.CookieLifetime = TimeSpan.FromHours(10))
            .AddDeveloperSigningCredential()
            .AddInMemoryPersistedGrants()
            .AddInMemoryIdentityResources(Config.GetIdentityResources())
            .AddInMemoryApiResources(Config.GetApiResources())
            .AddInMemoryClients(Config.GetClients(Configuration["AppUrls:ClientUrl"]))
            .AddAspNetIdentity<AppUser>();

        services.AddTransient<IProfileService, IdentityClaimsProfileService>();

        services.AddCors(options => options.AddPolicy("AllowAll", p => p.AllowAnyOrigin()
           .AllowAnyMethod()
           .AllowAnyHeader()));

        services.AddRazorPages().AddRazorRuntimeCompilation();
    }

@EDIT

If I add

    services.Configure<SecurityStampValidatorOptions>(options =>
    {
        options.ValidationInterval = TimeSpan.FromHours(24);
    });

then it works fine, but I bet this is not the correct solution for my issue.


@EDIT2

I found this https://github.com/IdentityModel/oidc-client-js/issues/911#issuecomment-617724445 and it helped me, but I am still not sure whether it is the proper way to solve it or just another hack.

DiPix
  • Did you try to set `options.Authentication.CookieSlidingExpiration` to `true`? I didn't see it in [your code](https://github.com/pklejnowski/angular_core/blob/master/Insig/Insig.IdentityServer/Startup.cs#L50), that's why I'm asking. In the IdentityServer4 code, cookie properties are set [here](https://github.com/IdentityServer/IdentityServer4/blob/master/src/IdentityServer4/src/Configuration/DependencyInjection/ConfigureInternalCookieOptions.cs#L25). If these values don't work then it's not an IdentityServer issue for sure – nahidf Jun 05 '20 at 06:18

2 Answers

5

As far as I know this is neither an Identity Server 4 nor an OpenID Connect issue.

It is the logic of ASP.NET Identity cookies. This should be configurable in Startup.cs.

You need to add the following cookie configuration:

    services.ConfigureApplicationCookie(o =>
    {
        o.ExpireTimeSpan = TimeSpan.FromHours(24);
        o.SlidingExpiration = true;
    });

This answer is inspired by the following answers:

Maytham Fahmi
  • Didn't help. Can you look into my code repository? https://github.com/pklejnowski/angular_core – DiPix Jun 02 '20 at 12:39
  • 2
    @DiPix I will give it a check this afternoon when I am done with my work :) – Maytham Fahmi Jun 02 '20 at 12:40
  • 1
    Ya, and not finished, it is a bit of a devil's circle. Hope it will succeed. Will update you as soon as something breaks through – Maytham Fahmi Jun 04 '20 at 09:49
  • 1
    I do not think I can bring more to the table right now, I have spent a crazy amount of hours on it. I spent hours getting the solution to work, it should be easy stuff, but I ran into different issues. When it was finally running, I started debugging the timeout issue, without luck so far. Regardless, this issue got me thinking about solving it. It is a matter of time. – Maytham Fahmi Jun 05 '20 at 22:32
  • Guess everybody gave up :( – DiPix Jun 16 '20 at 07:04
  • People often have .NET Core clients, and I sometimes found it very confusing to recognize which place they refer to, as both the client and IdS have exactly the same-looking settings. So, I believe, this time we are speaking about IdS settings, even though at first glance it looks like the client's sliding time problem. – Niksr Dec 08 '22 at 14:59
2

I found the solution. I was using

    await HttpContext.SignInAsync(user.Id, user.UserName, props);

to sign in the user, and it caused the problem.

After changing it to:

    var result = await _signInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberLogin, lockoutOnFailure: true);

it started working properly.

DiPix
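Why the 30-minute logout goes away with `PasswordSignInAsync` (and with the longer `ValidationInterval` from the question), shown as an added example that is not code from the posts above or from ASP.NET Core: a simplified model of the periodic security stamp check, in which a cookie older than the validation interval is accepted only if its stamp claim matches the stored one. The `Cookie` record, the `StampModel` class and the sample values are hypothetical, and sliding expiration is left out.

```csharp
#nullable enable
using System;
using System.Collections.Generic;

// Simplified model, not framework code; all type and method names are hypothetical.
record Cookie(DateTimeOffset IssuedUtc, DateTimeOffset ExpiresUtc, Dictionary<string, string> Claims);

static class StampModel
{
    const string StampClaim = "AspNet.Identity.SecurityStamp";              // default stamp claim type
    static readonly TimeSpan ValidationInterval = TimeSpan.FromMinutes(30); // framework default
    static readonly TimeSpan CookieLifetime = TimeSpan.FromHours(10);       // value from the question

    // Returns the cookie to keep using, or null when the request ends up signed out.
    static Cookie? Validate(Cookie c, DateTimeOffset now, string storedStamp)
    {
        if (now >= c.ExpiresUtc) return null;                        // cookie lifetime exceeded
        if (now - c.IssuedUtc <= ValidationInterval) return c;       // stamp check not due yet
        c.Claims.TryGetValue(StampClaim, out var stamp);             // null when the claim is absent
        if (stamp != storedStamp) return null;                       // principal rejected, user signed out
        return c with { IssuedUtc = now, ExpiresUtc = now + CookieLifetime }; // cookie re-issued
    }

    // One request every 5 minutes (the silent refresh); returns when the session ended, if it did.
    public static TimeSpan? SignedOutAfter(Dictionary<string, string> claims, string storedStamp)
    {
        var start = DateTimeOffset.UnixEpoch;
        Cookie? cookie = new Cookie(start, start + CookieLifetime, claims);
        for (var t = TimeSpan.Zero; t <= TimeSpan.FromHours(2); t += TimeSpan.FromMinutes(5))
        {
            cookie = Validate(cookie, start + t, storedStamp);
            if (cookie is null) return t;
        }
        return null; // still signed in after two hours
    }

    static void Main()
    {
        const string stored = "CONSTRUCTED-STAMP"; // constructed sample value
        // Hand-built principal (sub and name only), as with HttpContext.SignInAsync(user.Id, ...).
        var manual = new Dictionary<string, string> { ["sub"] = "1", ["name"] = "alice" };
        // Principal created through SignInManager, which includes the security stamp claim.
        var managed = new Dictionary<string, string>(manual) { [StampClaim] = stored };

        Console.WriteLine($"manual:  {SignedOutAfter(manual, stored)?.ToString() ?? "still signed in"}");
        Console.WriteLine($"managed: {SignedOutAfter(managed, stored)?.ToString() ?? "still signed in"}");
    }
}
```

With a request every 5 minutes, the hand-built principal is signed out on the first request after the 30-minute interval has passed, while the principal carrying the stamp claim is re-issued and stays signed in.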