Right now we set the expiration of our Identity Cookie in the StartUp.cs of the project. We have a standard timeout and want to have a dynamic timeout based on the role of the logged-in user. I'm looking for direction on how to access the Claims Role to set the Cookie expiration. Is middleware needed?

Basically I am looking for:

    services.AddIdentity<ApplicationUser, IdentityRole>(options => {
        options.Cookies.ApplicationCookie.ExpireTimeSpan = /* BasedOnRole */;
    });

This would also work:

    services.Configure<SecurityStampValidatorOptions>((options) => options.ValidationInterval = /* BasedOnRole */);

The cookie for Identity is AspNetCore.Identity.Application, and its ExpireTimeSpan is set by HandleSignInAsync.

    DateTimeOffset issuedUtc;
    if (signInContext.Properties.IssuedUtc.HasValue)
    {
        issuedUtc = signInContext.Properties.IssuedUtc.Value;
    }
    else
    {
        issuedUtc = Clock.UtcNow;
        signInContext.Properties.IssuedUtc = issuedUtc;
    }

    if (!signInContext.Properties.ExpiresUtc.HasValue)
    {
        signInContext.Properties.ExpiresUtc = issuedUtc.Add(Options.ExpireTimeSpan);
    }

    await Events.SigningIn(signInContext);

    if (signInContext.Properties.IsPersistent)
    {
        var expiresUtc = signInContext.Properties.ExpiresUtc ?? issuedUtc.Add(Options.ExpireTimeSpan);
        signInContext.CookieOptions.Expires = expiresUtc.ToUniversalTime();
    }
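
You could implement your own CookieAuthenticationHandler by overriding HandleSignInAsync.

    using System.Security.Claims;
    using System.Text.Encodings.Web;
    using System.Threading.Tasks;
    using Microsoft.AspNetCore.Authentication;
    using Microsoft.AspNetCore.Authentication.Cookies;
    using Microsoft.Extensions.Logging;
    using Microsoft.Extensions.Options;

    public class CustomCookieAuthenticationHandler : CookieAuthenticationHandler
    {
        public CustomCookieAuthenticationHandler(IOptionsMonitor<CookieAuthenticationOptions> options
            , ILoggerFactory logger
            , UrlEncoder encoder
            , ISystemClock clock) : base(options, logger, encoder, clock)
        {
        }

        protected override Task HandleSignInAsync(ClaimsPrincipal user, AuthenticationProperties properties)
        {
            // Set ExpiresUtc before the base handler runs, so the
            // Options.ExpireTimeSpan default is not applied.
            if (user.Identity.Name == "test@outlook.com")
            {
                properties.ExpiresUtc = Clock.UtcNow.AddMinutes(15);
            }
            else
            {
                properties.ExpiresUtc = Clock.UtcNow.AddMinutes(35);
            }
            return base.HandleSignInAsync(user, properties);
        }
    }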

Change the logic to set properties.ExpiresUtc.

To replace the built-in CookieAuthenticationHandler, try to replace it in Startup:

    // services.Replace requires:
    // using Microsoft.Extensions.DependencyInjection.Extensions;
    var descriptor =
        new ServiceDescriptor(
            typeof(CookieAuthenticationHandler),
            typeof(CustomCookieAuthenticationHandler),
            ServiceLifetime.Transient);
    services.Replace(descriptor);
Hi, in Startup you can add the cookies:

    services.ConfigureApplicationCookie(options =>
    {
        options.AccessDeniedPath = "/Identity/Account/AccessDenied";
        options.Cookie.Name = "YourAppCookieName";
        options.Cookie.HttpOnly = true;
        options.ExpireTimeSpan = TimeSpan.FromMinutes(60);
        options.LoginPath = "/Identity/Account/Login";
        // ReturnUrlParameter requires
        //using Microsoft.AspNetCore.Authentication.Cookies;
        options.ReturnUrlParameter = CookieAuthenticationDefaults.ReturnUrlParameter;
        options.SlidingExpiration = true;
    });