ASP.NET Core MVC: setting expiration of identity cookie

by

The ASP.NET Identity middleware which you are using is a wraper around some calls to UseCookieAuthentication which includes the Cookie Authentication middleware on the pipeline. This can be seen on the source code for the builder extensions of the Identity middleware here on GitHub. In that case the options needed to configure how the underlying Cookie Authentication should work are encapsulated on the IdentityOptions and configured when setting up dependency injection.

Indeed, looking at the source code I linked to you can see that the following is run when you call app.UseIdentity():

var options = app.ApplicationServices.GetRequiredService<IOptions<IdentityOptions>>().Value;
app.UseCookieAuthentication(options.Cookies.ExternalCookie);
app.UseCookieAuthentication(options.Cookies.TwoFactorRememberMeCookie);
app.UseCookieAuthentication(options.Cookies.TwoFactorUserIdCookie);
app.UseCookieAuthentication(options.Cookies.ApplicationCookie);
return app;

To setup the IdentityOptions class, the AddIdentity<TUser, TRole> method has one overloaded version which allows to configure the options with one lambda. Thus you just have to pass in a lambda to configure the options. In that case you just access the Cookies properties of the options class and configure the ApplicationCookie as desired. To change the time span you do something like

services.AddIdentity<ApplicationUser, IdentityRole>(options => {

    options.Cookies.ApplicationCookie.ExpireTimeSpan = TimeSpan.FromHours(1);

});

EDIT: The ExpireTimeSpan property is only used if when calling HttpContext.Authentication.SignInAsync we pass in an instance of AuthenticationProperties with IsPersistent set to true.

Trying out just with the Cookie Authentication Middleware it turns out that this works: if we just sign in without this option, we get a cookie that lasts for the session, if we send this together we get a cookie which lasts what we setup when configuring the middleware.

With ASP.NET Identity the way to do is pass the parameter isPersistent of the PasswordSignInAsync with value true. This ends up being a call to SignInAsync of the HttpContext passing in the AuthenticationProperties with the IsPersistent set to true. The call ends up being something like:

var result = await _signInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, lockoutOnFailure: false);

Where the RememberMe is what configures if we are setting IsPersistent to true or false.

More Related Contents:

  1. Encrypted configuration in ASP.NET Core
  2. Pass Model To Controller using Jquery/Ajax
  3. How to extend available properties of User.Identity
  4. What is the equivalent of Server.MapPath in ASP.NET Core?
  5. Updating user data – ASP.NET Identity
  6. How to change type of id in Microsoft.AspNet.Identity.EntityFramework.IdentityUser
  7. Prevent multiple logins
  8. What is the advantage of using async with MVC5?
  9. Where are the ControllerContext and ViewEngines properties in MVC 6 Controller?
  10. How to access Facebook private information by using ASP.NET Identity (OWIN)?
  11. Merge MyDbContext with IdentityDbContext
  12. ExpireTimeSpan ignored after regenerateIdentity / validateInterval duration in MVC Identity (2.0.1)
  13. AWS Elastic Beanstalk environment variables in ASP.NET Core 1.0
  14. ASP.NET Core Identity – get current user
  15. The default XML namespace of the project must be the MSBuild XML namespace
  16. Where is Request.IsAjaxRequest() in Asp.Net Core MVC?
  17. Discovering Generic Controllers in ASP.NET Core
  18. ASP.NET Core change EF connection string when user logs in
  19. ASP.NET (OWIN) Identity: How to get UserID from a Web API controller?
  20. how to implement ASP.NET Identity to an empty MVC project
  21. Get ExtraData from MVC5 framework OAuth/OWin identity provider with external auth provider
  22. MVC 5 Owin Facebook Auth results in Null Reference Exception
  23. There is already an object named ‘AspNetRoles’ in the database
  24. Registering Web API 2 external logins from multiple API clients with OWIN Identity
  25. Where are @Json.Encode or @Json.Decode methods in MVC 6?
  26. Dealing with large file uploads on ASP.NET Core 1.0
  27. How do I create a MVC Razor template for DisplayFor()
  28. Asp.net core MVC post parameter always null
  29. Get UserID of logged-in user in Asp.Net MVC 5
  30. How to reuse Areas, Controllers, Views, Models, Routes in multiple apps or websites

Leave a Comment