Echilon

Reputation: 10244

Auth Timeout with MVC5

I'm using ASP.NET Identity with MVC5 and want to expire logged-in users after a set period. I've added a section to system.web in web.config:

<authentication mode="Forms">
  <forms timeout="1" slidingExpiration="false"/>
</authentication>

I've also changed the login code to not use a persistent cookie:

var authenticationManager = HttpContext.GetOwinContext().Authentication;
authenticationManager.SignOut(DefaultAuthenticationTypes.ExternalCookie);
var identity = await _userManager.CreateIdentityAsync(user, DefaultAuthenticationTypes.ApplicationCookie);
authenticationManager.SignIn(new AuthenticationProperties() { IsPersistent = false }, identity);

But the user is never logged out; they just stay logged in forever.

Upvotes: 0

Views: 689

Answers (1)

Echilon

Reputation: 10244

It seems there's a difference between forms auth and ASP.NET Identity. The web.config settings don't have any effect if you're using Identity.

The settings for Identity are in App_Start\Startup.Auth.cs:

app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
    LoginPath = new PathString("/"),
    ExpireTimeSpan = TimeSpan.FromMinutes(24),
    SlidingExpiration = false
});

Upvotes: 1
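A fuller Startup.Auth.cs for the fixed timeout described in the answer, as an added example that is not part of the original post. The `SessionTimeout` field and the `OnValidateIdentity` age check are assumptions of this example: the check re-applies the current timeout to tickets issued earlier, because each ticket keeps the `ExpiresUtc` it was given at sign-in.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.AspNet.Identity;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Owin;

public partial class Startup
{
    // Assumed policy value for this example; the answer above uses 24 minutes.
    private static readonly TimeSpan SessionTimeout = TimeSpan.FromMinutes(24);

    public void ConfigureAuth(IAppBuilder app)
    {
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/"),
            // Written into each ticket as ExpiresUtc at sign-in and checked on the
            // server for every request, also when IsPersistent = false.
            ExpireTimeSpan = SessionTimeout,
            // false: fixed lifetime counted from sign-in; true would renew on activity.
            SlidingExpiration = false,
            Provider = new CookieAuthenticationProvider
            {
                OnValidateIdentity = context =>
                {
                    // Tickets issued before SessionTimeout was lowered still carry
                    // their old ExpiresUtc, so re-check age against the current value.
                    DateTimeOffset? issued = context.Properties.IssuedUtc;
                    if (!issued.HasValue ||
                        DateTimeOffset.UtcNow - issued.Value > SessionTimeout)
                    {
                        // Drop the identity for this request and clear the cookie.
                        context.RejectIdentity();
                        context.OwinContext.Authentication.SignOut(
                            context.Options.AuthenticationType);
                    }
                    return Task.FromResult(0);
                }
            }
        });
    }
}
```

The `<forms timeout="1" .../>` element from the question can be removed from web.config, since the cookie middleware does not read it.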
