在浏览器关闭时删除持久性Cookie - Identity 2.0

时间:2014-07-02 11:49:29

标签: c# asp.net-mvc cookies asp.net-identity

我正在使用asp.net identity 2.0来管理用户登录。 我正在关注Identity 2.0的示例,并且在整个浏览器关闭后无法使cookie保持不变。所有浏览器都会发生这种情况。

代码:

帐户控制器

public async Task<ActionResult> Login(LoginViewModel model, string returnUrl)
{
    if (!ModelState.IsValid)
    {
        return View(model);
    }
    var result = await SignInHelper.PasswordSignIn(model.Email, model.Password, isPersistent: true, shouldLockout: true);

    switch (result)
    {
        case SignInStatus.Success:
            return RedirectToLocal(returnUrl);

        case SignInStatus.LockedOut:
            return View("Lockout");

        case SignInStatus.Failure:
        default:
            ModelState.AddModelError("", "Invalid login attempt.");
            return View(model);
    }
}

SignInHelper 

public async Task<SignInStatus> PasswordSignIn(string userName, string password, bool isPersistent, bool shouldLockout)
{
    var user = await UserManager.FindByNameAsync(userName);
    if (user == null)
    {
        return SignInStatus.Failure;
    }

    if (await UserManager.IsLockedOutAsync(user.ID))
    {
        return SignInStatus.LockedOut;
    }

    if (await UserManager.CheckPasswordAsync(user, password))
    {
        // password verified, proceed to login
        return await SignIn(user, isPersistent);
    }

    if (shouldLockout)
    {
        await UserManager.AccessFailedAsync(user.ID);
        if (await UserManager.IsLockedOutAsync(user.ID))
        {
            return SignInStatus.LockedOut;
        }
    }

    return SignInStatus.Failure;
}

- 

private async Task<SignInStatus> SignIn(User user, bool isPersistent)
{
    await SignInAsync(user, isPersistent);
    return SignInStatus.Success;
}

- 

public async Task SignInAsync(User user, bool isPersistent)
{
    var userIdentity = await user.GenerateUserIdentityAsync(UserManager);
    AuthenticationManager.SignIn(
       new AuthenticationProperties
        {
           IsPersistent = isPersistent
        },
        userIdentity
    );
}

Startup.Auth 

app.UseCookieAuthentication(new CookieAuthenticationOptions
   {
       AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
       CookieName = "ApplicationCookie",
       LoginPath = new PathString("/Account/Login"),
       ExpireTimeSpan = System.TimeSpan.FromMinutes(180), // 3 hours
       SlidingExpiration = true,
       Provider = new CookieAuthenticationProvider
       {
          OnValidateIdentity = ApplicationCookieIdentityValidator.OnValidateIdentity(
               validateInterval: TimeSpan.FromMinutes(0),
               regenerateIdentityCallback: (manager, user) => user.GenerateUserIdentityAsync(manager),
               getUserIdCallback: (user) => (user.GetGuidUserId()))
       }
   });

对不起代码墙,但我看不出我做错了什么,在浏览器关闭而没有手动注销的情况下,cookie将不会持续3小时?

1 个答案:

答案 0 :(得分:5)

问题在于OnValidateIdentity中的一个错误,当重新生成cookie时,它总是将IsPersistent设置为false(即使原始cookie是持久的)。因此,因为您将validateInterval设置为0(始终验证每个请求),您实际上永远不会获得持久cookie。

相关问题
最新问题