Reputation: 1456
Handling expired Azure AD session in asp.net core and angular app
I have an Asp.Net core project hosting an angular application within it. There are a couple of API controllers in the asp.net core project. These controllers are called from within the Angular App.
The asp.net core app is protected by Azure AD authentication using OpenIdConnect along with Cookies. What I am looking at is how should I handle the token expiry for an overnight idle session for the user.
Currently, if a user will resume his browser session which is expired, he is thrown an exception on the async API call made from the Angular App. How should I make Angular App re-direct user back to the login page for the Azure AD application?.
Upvotes: 1
Views: 1687
Answers (2)
Reputation: 1456
I resolved the token expiry issue by moving the token cache to Sql Server. With this done, if current in-memory token is expired, the refresh token from sql server is used to generate a new access token.
Upvotes: 2
Reputation: 783
You can implement a hidden iframe in your web app that makes a request against your server every 45 minutes or so. That way, your token will always be valid while your application is running.
This blog post talks about this issue and explain your options, including showing a script that makes the request on a scheduled interval.
Upvotes: 1
Related Questions
- What is the correct way to set a cookie expiration when using Azure AD to login users to an ASP.NET Core 5 Web Application?
- Lack of Session Expiration with Azure Active Directory
- How to configure .net core angular azure AD authentication?
- Cookie not expiring for Azure AD auth
- Azure AD Authentication of Angular app with MVC Core on Azure AppService
- Azure AD Auth with Angular and .NETCore2 WEBAPI
- Azure Active directory Logout
- Azure AD ADAL in MVC Application - Token Expiration
- Azure AD 401 error - Authenticating from angular client
- Azure AAD token expire issue with web app