Asp.Net Core 2.0 Cookie Authentication Expires Before Time
I have an MVC Asp.Net Core 2.0 application that uses Cookie Authentication. The problem is that the session expires ahead of time and redirects the user to the login path, forcing him to authenticate again.
My Startup Class:
ConfigureServices Method:
const string schema = "adminScheme";
services.AddAuthentication(schema).AddCookie(schema, options =>
{
options.AccessDeniedPath = new PathString("/Account/AcessoNegado");
options.Cookie = new CookieBuilder
{
HttpOnly = true,
Name = ".Admin.Security.Cookie",
Path = "/",
SameSite = SameSiteMode.Lax,
SecurePolicy = CookieSecurePolicy.SameAsRequest
};
options.ExpireTimeSpan = TimeSpan.FromMinutes(480);
options.LoginPath = new PathString("/Account/Login");
options.LogoutPath = new PathString("/Account/Logout");
options.ReturnUrlParameter = "RequestPath";
options.SlidingExpiration = true;
});
on Configure Method:
app.UseAuthentication();
My Login Method:
var cadastro = user.FirstOrDefault();
const string Issuer = "adminScheme";
List<Claim> claims = new List<Claim>
{
new Claim(ClaimTypes.Name, cadastro.NomeUsuario, ClaimValueTypes.String, Issuer),
new Claim("Idusuario",cadastro.Id.ToString(), ClaimValueTypes.String, Issuer),
new Claim("IdtipoUsuario", cadastro.IdtipoUsuario.ToString(), ClaimValueTypes.String, Issuer)
};
ClaimsIdentity identity = new ClaimsIdentity(claims, "cookie");
ClaimsPrincipal principal = new ClaimsPrincipal(identity);
await HttpContext.SignInAsync(scheme: Issuer,
principal: principal,
properties: new AuthenticationProperties
{
IsPersistent = true,
ExpiresUtc = DateTime.UtcNow.AddMinutes(480)
});
return RedirectToLocal(returnUrl);
And I use the [Authorize] In My Controllers.
c# authentication asp.net-core-2.0 session-cookies
asked Nov 16 '18 at 18:18
Wiliam PaulinoWiliam Paulino
213
add a comment |
I have an MVC Asp.Net Core 2.0 application that uses Cookie Authentication. The problem is that the session expires ahead of time and redirects the user to the login path, forcing him to authenticate again.
My Startup Class:
ConfigureServices Method:
const string schema = "adminScheme";
services.AddAuthentication(schema).AddCookie(schema, options =>
{
options.AccessDeniedPath = new PathString("/Account/AcessoNegado");
options.Cookie = new CookieBuilder
{
HttpOnly = true,
Name = ".Admin.Security.Cookie",
Path = "/",
SameSite = SameSiteMode.Lax,
SecurePolicy = CookieSecurePolicy.SameAsRequest
};
options.ExpireTimeSpan = TimeSpan.FromMinutes(480);
options.LoginPath = new PathString("/Account/Login");
options.LogoutPath = new PathString("/Account/Logout");
options.ReturnUrlParameter = "RequestPath";
options.SlidingExpiration = true;
});
on Configure Method:
app.UseAuthentication();
My Login Method:
var cadastro = user.FirstOrDefault();
const string Issuer = "adminScheme";
List<Claim> claims = new List<Claim>
{
new Claim(ClaimTypes.Name, cadastro.NomeUsuario, ClaimValueTypes.String, Issuer),
new Claim("Idusuario",cadastro.Id.ToString(), ClaimValueTypes.String, Issuer),
new Claim("IdtipoUsuario", cadastro.IdtipoUsuario.ToString(), ClaimValueTypes.String, Issuer)
};
ClaimsIdentity identity = new ClaimsIdentity(claims, "cookie");
ClaimsPrincipal principal = new ClaimsPrincipal(identity);
await HttpContext.SignInAsync(scheme: Issuer,
principal: principal,
properties: new AuthenticationProperties
{
IsPersistent = true,
ExpiresUtc = DateTime.UtcNow.AddMinutes(480)
});
return RedirectToLocal(returnUrl);
And I use the [Authorize] In My Controllers.
c# authentication asp.net-core-2.0 session-cookies
asked Nov 16 '18 at 18:18
Wiliam PaulinoWiliam Paulino
213
add a comment |
I have an MVC Asp.Net Core 2.0 application that uses Cookie Authentication. The problem is that the session expires ahead of time and redirects the user to the login path, forcing him to authenticate again.
My Startup Class:
ConfigureServices Method:
const string schema = "adminScheme";
services.AddAuthentication(schema).AddCookie(schema, options =>
{
options.AccessDeniedPath = new PathString("/Account/AcessoNegado");
options.Cookie = new CookieBuilder
{
HttpOnly = true,
Name = ".Admin.Security.Cookie",
Path = "/",
SameSite = SameSiteMode.Lax,
SecurePolicy = CookieSecurePolicy.SameAsRequest
};
options.ExpireTimeSpan = TimeSpan.FromMinutes(480);
options.LoginPath = new PathString("/Account/Login");
options.LogoutPath = new PathString("/Account/Logout");
options.ReturnUrlParameter = "RequestPath";
options.SlidingExpiration = true;
});
on Configure Method:
app.UseAuthentication();
My Login Method:
var cadastro = user.FirstOrDefault();
const string Issuer = "adminScheme";
List<Claim> claims = new List<Claim>
{
new Claim(ClaimTypes.Name, cadastro.NomeUsuario, ClaimValueTypes.String, Issuer),
new Claim("Idusuario",cadastro.Id.ToString(), ClaimValueTypes.String, Issuer),
new Claim("IdtipoUsuario", cadastro.IdtipoUsuario.ToString(), ClaimValueTypes.String, Issuer)
};
ClaimsIdentity identity = new ClaimsIdentity(claims, "cookie");
ClaimsPrincipal principal = new ClaimsPrincipal(identity);
await HttpContext.SignInAsync(scheme: Issuer,
principal: principal,
properties: new AuthenticationProperties
{
IsPersistent = true,
ExpiresUtc = DateTime.UtcNow.AddMinutes(480)
});
return RedirectToLocal(returnUrl);
And I use the [Authorize] In My Controllers.
c# authentication asp.net-core-2.0 session-cookies
asked Nov 16 '18 at 18:18
Wiliam PaulinoWiliam Paulino
213
I have an MVC Asp.Net Core 2.0 application that uses Cookie Authentication. The problem is that the session expires ahead of time and redirects the user to the login path, forcing him to authenticate again.
My Startup Class:
ConfigureServices Method:
const string schema = "adminScheme";
services.AddAuthentication(schema).AddCookie(schema, options =>
{
options.AccessDeniedPath = new PathString("/Account/AcessoNegado");
options.Cookie = new CookieBuilder
{
HttpOnly = true,
Name = ".Admin.Security.Cookie",
Path = "/",
SameSite = SameSiteMode.Lax,
SecurePolicy = CookieSecurePolicy.SameAsRequest
};
options.ExpireTimeSpan = TimeSpan.FromMinutes(480);
options.LoginPath = new PathString("/Account/Login");
options.LogoutPath = new PathString("/Account/Logout");
options.ReturnUrlParameter = "RequestPath";
options.SlidingExpiration = true;
});
on Configure Method:
app.UseAuthentication();
My Login Method:
var cadastro = user.FirstOrDefault();
const string Issuer = "adminScheme";
List<Claim> claims = new List<Claim>
{
new Claim(ClaimTypes.Name, cadastro.NomeUsuario, ClaimValueTypes.String, Issuer),
new Claim("Idusuario",cadastro.Id.ToString(), ClaimValueTypes.String, Issuer),
new Claim("IdtipoUsuario", cadastro.IdtipoUsuario.ToString(), ClaimValueTypes.String, Issuer)
};
ClaimsIdentity identity = new ClaimsIdentity(claims, "cookie");
ClaimsPrincipal principal = new ClaimsPrincipal(identity);
await HttpContext.SignInAsync(scheme: Issuer,
principal: principal,
properties: new AuthenticationProperties
{
IsPersistent = true,
ExpiresUtc = DateTime.UtcNow.AddMinutes(480)
});
return RedirectToLocal(returnUrl);
And I use the [Authorize] In My Controllers.
c# authentication asp.net-core-2.0 session-cookies
c# authentication asp.net-core-2.0 session-cookies
asked Nov 16 '18 at 18:18
Wiliam PaulinoWiliam Paulino
213
asked Nov 16 '18 at 18:18
Wiliam PaulinoWiliam Paulino
213
asked Nov 16 '18 at 18:18
Wiliam PaulinoWiliam Paulino
213
asked Nov 16 '18 at 18:18
Wiliam PaulinoWiliam Paulino
213
asked Nov 16 '18 at 18:18
Wiliam PaulinoWiliam Paulino
213
213
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
I just tried your code. If you're using the 2.0.x version, change your code as below :
//ClaimsIdentity identity = new ClaimsIdentity(claims, "cookie");
ClaimsIdentity identity = new ClaimsIdentity(claims, "adminScheme");
And now it works flawlessly for me.
By the way, the version of 2.0 has already reached end of life on October 1, 2018. It is suggested to migrate to 2.1.x
answered Nov 19 '18 at 8:52
itminusitminus
3,2861321
add a comment |
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53343360%2fasp-net-core-2-0-cookie-authentication-expires-before-time%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
I just tried your code. If you're using the 2.0.x version, change your code as below :
//ClaimsIdentity identity = new ClaimsIdentity(claims, "cookie");
ClaimsIdentity identity = new ClaimsIdentity(claims, "adminScheme");
And now it works flawlessly for me.
By the way, the version of 2.0 has already reached end of life on October 1, 2018. It is suggested to migrate to 2.1.x
answered Nov 19 '18 at 8:52
itminusitminus
3,2861321
add a comment |
I just tried your code. If you're using the 2.0.x version, change your code as below :
//ClaimsIdentity identity = new ClaimsIdentity(claims, "cookie");
ClaimsIdentity identity = new ClaimsIdentity(claims, "adminScheme");
And now it works flawlessly for me.
By the way, the version of 2.0 has already reached end of life on October 1, 2018. It is suggested to migrate to 2.1.x
answered Nov 19 '18 at 8:52
itminusitminus
3,2861321
add a comment |
I just tried your code. If you're using the 2.0.x version, change your code as below :
//ClaimsIdentity identity = new ClaimsIdentity(claims, "cookie");
ClaimsIdentity identity = new ClaimsIdentity(claims, "adminScheme");
And now it works flawlessly for me.
By the way, the version of 2.0 has already reached end of life on October 1, 2018. It is suggested to migrate to 2.1.x
answered Nov 19 '18 at 8:52
itminusitminus
3,2861321
I just tried your code. If you're using the 2.0.x version, change your code as below :
//ClaimsIdentity identity = new ClaimsIdentity(claims, "cookie");
ClaimsIdentity identity = new ClaimsIdentity(claims, "adminScheme");
And now it works flawlessly for me.
By the way, the version of 2.0 has already reached end of life on October 1, 2018. It is suggested to migrate to 2.1.x
answered Nov 19 '18 at 8:52
itminusitminus
3,2861321
edited Nov 19 '18 at 8:59
answered Nov 19 '18 at 8:52
itminusitminus
3,2861321
answered Nov 19 '18 at 8:52
itminusitminus
3,2861321
answered Nov 19 '18 at 8:52
itminusitminus
3,2861321
3,2861321
add a comment |
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53343360%2fasp-net-core-2-0-cookie-authentication-expires-before-time%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
