Sean Wagner

Reputation: 131

Setting expiration for cookie on claims based authentication

I got a standard MVC5 web app with a somewhat modified login from the template.

I'm trying to set a 30 minute expiration on the cookie that is created when I log in.

Here is my login action:

    [HttpPost]
    [AllowAnonymous]
    [ValidateAntiForgeryToken]
    public async Task<ActionResult> Login(LoginViewModel model, string returnUrl)
    {
        var user = AccountDomain.CheckUserLogin(model.UserName, model.Password);

        if (user != null)
        {
            AuthenticationManager.SignOut(DefaultAuthenticationTypes.ExternalCookie);

            var claims = new List<Claim>
            {
                new Claim("UserName", user.UserName),
                new Claim("FirstName", user.FirstName ?? ""),
                new Claim("LastName", user.LastName ?? "")
            };

            var identity = new ClaimsIdentity(claims, DefaultAuthenticationTypes.ApplicationCookie);

            var claimsPrincipal = new ClaimsPrincipal(identity);

            Thread.CurrentPrincipal = claimsPrincipal;

            AuthenticationManager.SignIn(new AuthenticationProperties() { IsPersistent = model.RememberMe }, identity);

            return RedirectToLocal(returnUrl);
        }
        else
        {
            ModelState.AddModelError("", "Invalid username or password.");
        }

        return View(model);
    }

I tried doing this:

    var exp = new DateTimeOffset().AddMinutes(5);
    AuthenticationManager.SignIn(new AuthenticationProperties() { IsPersistent = model.RememberMe, ExpiresUtc = exp }, identity);

But the cookie states expiration: When the browsing session ends

If 'remember me' is checked on the login page, then IsPersistent will be true and will set the expiration of the cookie to 14 days from login time.

How can I set the expiration time of the cookie manually?

Upvotes: 1

Views: 6314

Answers (3)

Justin

Reputation: 594

Set ExpireTimeSpan in Startup.Auth.cs as shown below.

    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
        LoginPath = new PathString("/Account/Login"),
        Provider = new CookieAuthenticationProvider
        {
            // xxx...
        },
        ExpireTimeSpan = TimeSpan.FromDays(7),
        SlidingExpiration = false
    });

Upvotes: 0

Vladimir

Reputation: 1420

ExpireTimeSpan will set the expiration for persistent logins. This is however not what you want if you want to support both types of logins. Here is a solution that works for the normal login and does not break the persistent one: User logout after non-persistent login in Asp.Net Identity 2

Upvotes: 0

AlexSolovyov

Reputation: 497

You should have a StartUp.cs config file with the following code:

    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
        LoginPath = new PathString("/Account/Login"),
        Provider = new CookieAuthenticationProvider(),
        // These two are properties of CookieAuthenticationOptions, not of the provider.
        ExpireTimeSpan = TimeSpan.FromDays(5),
        SlidingExpiration = true
    });

ExpireTimeSpan gives you the ability to set the expiration time manually.

Upvotes: 1
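
An added example (not code from the question or from any of the answers) of one way to get a 30-minute absolute timeout for normal logins while keeping the 14-day "remember me" lifetime, with the expiry computed from `DateTimeOffset.UtcNow` because `new DateTimeOffset()` is 0001-01-01. `SessionLifetime` and its members are hypothetical names; the 30-minute and 14-day values are the ones mentioned in the question.

```csharp
using System;
using Microsoft.AspNet.Identity;
using Microsoft.Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Owin;

public partial class Startup
{
    public void ConfigureAuth(IAppBuilder app)
    {
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Account/Login"),
            // Fallback lifetime, used only when SignIn leaves ExpiresUtc unset.
            ExpireTimeSpan = SessionLifetime.Normal,
            // Absolute timeout: activity does not extend the ticket.
            SlidingExpiration = false
        });
    }
}

// Hypothetical helper: picks the ticket lifetime per login type.
public static class SessionLifetime
{
    public static readonly TimeSpan Normal = TimeSpan.FromMinutes(30);
    public static readonly TimeSpan Remembered = TimeSpan.FromDays(14);

    public static AuthenticationProperties For(bool rememberMe, DateTimeOffset nowUtc)
    {
        return new AuthenticationProperties
        {
            IsPersistent = rememberMe,
            IssuedUtc = nowUtc,
            // Must be a real future instant; new DateTimeOffset() is year 0001.
            ExpiresUtc = nowUtc.Add(rememberMe ? Remembered : Normal)
        };
    }
}

// In the Login action, replacing the SignIn call from the question:
//   AuthenticationManager.SignIn(
//       SessionLifetime.For(model.RememberMe, DateTimeOffset.UtcNow), identity);
```

With `IsPersistent` false the browser still lists a session cookie, because the middleware writes the cookie's `Expires` attribute only for persistent sign-ins. The 30-minute limit is enforced on the server from the `ExpiresUtc` value stored inside the protected ticket.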
