ASP.NET Core 6 project auto logout after 10~20 minutes

Question

I Just Want to Know Why I Get Banned for Asking Questions!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!???????????????????????????????????????????

This problem only exists on the online host, not on localhost.

I watched this tutorial and did the authentication and authorization for my project. On localhost, it's okay, but when I switch to the online host, which is a Windows host with Plesk (I think it is IIS but I'm not sure), the user gets logged out after 10~20 minutes, no matter what I use - IsPersistent or not (keep user logged in).

// Program.cs: cookie authentication setup
builder.Services.AddAuthentication("MyAuth").AddCookie("MyAuth", options =>
{
    options.Cookie.Name = "MyAuth";
    options.LoginPath = "/login";
    options.LogoutPath = "/logout";
    options.ExpireTimeSpan = TimeSpan.FromDays(30);
});

// Login handler: build the principal and sign the user in
List<Claim> claims = new()
{
    new Claim(ClaimTypes.NameIdentifier, user.ID.ToString()),
};

ClaimsIdentity identity = new(claims, "MyAuth");

ClaimsPrincipal principal = new(identity);

AuthenticationProperties properties = new() { IsPersistent = login.RememberMe };

await HttpContext.SignInAsync("MyAuth", principal, properties);

I tried everything from this tutorial, but nothing works. And I don't know how to fix it. I searched a lot and most tutorials are for ASP.NET Framework - not for ASP.NET Core.

What I tried:

> 1. add options.SlidingExpiration = true; to AddAuthentication().AddCookie
> 2. add builder.Services.Configure<SecurityStampValidatorOptions>(o => o.ValidationInterval = TimeSpan.FromHours(10)); to program.cs
> 3. add ExpiresUtc to AuthenticationProperties.

Update: I found this but don't know what to do. I can't find those settings in Plesk.

> Mysterious Logout on IIS Server
>
> Despite all of these settings you may experience that users are logging
> out after some minutes, e.g. 20 mins. Most probably you will not catch
> this behaviour locally while developing your application. It is
> related to some settings on IIS.
>
> To fix this behaviour, first you need to go to the advanced settings of
> the application pool. You will see a setting called “Idle Time-out
> (minutes)”, which must be set to 0. Its default value is 20 mins. It means
> that if no new request comes for 20 mins, the worker process will be shut
> down.
>
> When an app is restarted or the worker process is restarted, and if the keys
> related to authentication are kept in memory,
> cookie-based authentication tokens will be invalid and users will need
> to log in again.
>
> So to keep keys persistent, we need to set one more setting in the
> advanced settings of the Application Pool; Load User Profile must be set
> to True. So keys will be stored in a folder on the operating system.
> (%LOCALAPPDATA%/ASP.NET/DataProtection-Keys)

Answer 1

Score: 0

I found the solution. Just add this line of code before var app = builder.Build();:

builder.Services.AddDataProtection().PersistKeysToFileSystem(new DirectoryInfo(Directory.GetCurrentDirectory())).SetDefaultKeyLifetime(TimeSpan.FromDays(30));
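
An added example, not part of the original answer: a fuller Program.cs that persists the Data Protection key ring as the answer does, but in a dedicated folder with the keys encrypted at rest, and logs the key ring at startup so you can confirm that the same key survives an application pool recycle. The folder name `dp-keys`, the application name `MyApp` and the default web project template (implicit usings) are assumptions.

```csharp
// Program.cs (added example; "dp-keys" and "MyApp" are assumed names)
using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.DataProtection.KeyManagement;

var builder = WebApplication.CreateBuilder(args);

// Dedicated key folder under the content root; the app pool identity needs
// write access to it. It sits outside wwwroot, so static files never expose it.
var keyDir = new DirectoryInfo(Path.Combine(builder.Environment.ContentRootPath, "dp-keys"));
keyDir.Create();

var dataProtection = builder.Services.AddDataProtection()
    .SetApplicationName("MyApp") // fixed discriminator, independent of the deploy path
    .PersistKeysToFileSystem(keyDir)
    .SetDefaultKeyLifetime(TimeSpan.FromDays(30));

// Keys written by PersistKeysToFileSystem are plain XML unless a protector is set.
// Machine-scope DPAPI does not depend on the app pool's user profile being loaded,
// but any account on the server can then decrypt the keys.
if (OperatingSystem.IsWindows())
{
    dataProtection.ProtectKeysWithDpapi(protectToLocalMachine: true);
}

builder.Services.AddAuthentication("MyAuth").AddCookie("MyAuth", options =>
{
    options.Cookie.Name = "MyAuth";
    options.LoginPath = "/login";
    options.LogoutPath = "/logout";
    options.ExpireTimeSpan = TimeSpan.FromDays(30);
});
builder.Services.AddAuthorization();

var app = builder.Build();

// Log the key ring at startup. The same KeyId after a recycle means cookies issued
// before it still decrypt; a new KeyId on every start means keys are not persisting.
var keys = app.Services.GetRequiredService<IKeyManager>().GetAllKeys();
foreach (var key in keys)
{
    app.Logger.LogInformation("Data Protection key {KeyId}: expires {Expires:u}, revoked: {Revoked}",
        key.KeyId, key.ExpirationDate, key.IsRevoked);
}
app.Logger.LogInformation("{Count} key(s) loaded from {Dir}", keys.Count, keyDir.FullName);

app.UseAuthentication();
app.UseAuthorization();
app.MapGet("/", () => "ok");
app.Run();
```

A count of 0 on the very first start is expected, because the first key is created only when the key ring is first used.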

huangapple
  • Posted on April 7, 2023 01:46:51
  • When reposting, please keep the link to this article: https://go.coder-hub.com/75952374.html