Gavin
Reputation: 11
How to avoid session expired cookie for Owin Federation authentication?
We are using Cookie and WsFederation middleware to authenticate against ADFS server. Everything is working fine except the generate cookie is always session expired.
When user close and reopen browser, they need to relogin.
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = WsFederationAuthenticationDefaults.AuthenticationType,
CookieDomain = "...some domain..."
});
app.UseWsFederationAuthentication(new WsFederationAuthenticationOptions
{
MetadataAddress = ConfigurationManager.AppSettings[AdfsMetadataAddress],
Wtrealm = ConfigurationManager.AppSettings[AppWtRealm],
UseTokenLifetime = false
});
What are the things that we need to do in order to make cookie persisted in browser side?
Thanks very much in advance~
Upvotes: 1
Views: 802
Answers (1)
Ger Groot
Reputation: 1101
Add a CookieAuthenticationProvider where you can set the expiration
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = WsFederationAuthenticationDefaults.AuthenticationType,
CookieDomain = "...some domain...",
Provider = new CookieAuthenticationProvider
{
OnResponseSignIn = context =>
{
context.Properties.ExpiresUtc = DateTimeOffset.UtcNow.AddDays(30);
context.Properties.IsPersistent = true;
}
}
});
Upvotes: 1
Related Questions
- How to set the Content-Type header for an HttpClient request?
- How does cookie-based authentication work?
- How to delete a cookie?
- How do I expire a PHP session after 30 minutes?
- How do I set/unset a cookie with jQuery?
- Authorize attribute using WsFederation never executes annotated controller action
- SPA best practices for authentication and session management
- How to explain Katana and OWIN in simple words and uses?
- Authentication with AngularJS, session management and security issues with REST Api WS
- When using a HTTP-only session cookie, how does the client know when its session is going to expire?