authentication by [Authorize(Roles = "xxx")] in a razor pages model

Question

I am using [Authorize(Roles = "xxx")] in my Asp.Net Core Razor Pages application. It works fine but after some minutes (maybe 5) when I click Edit or Create button in my Crud, it sign out. How may I fix this? I guess the role is alive maybe just 5 minutes(a default time), but I don't know how to remove or change it.

Here is my StartUp class:

  public class Startup
    {
        public Startup(IConfiguration configuration)
        {
            Configuration = configuration;
        }

        public IConfiguration Configuration { get; }

        // This method gets called by the runtime. Use this method to add services to the container.
        public void ConfigureServices(IServiceCollection services)
        {
            services.Configure<CookiePolicyOptions>(options =>
            {
                options.CheckConsentNeeded = context => true;
                options.MinimumSameSitePolicy = SameSiteMode.None;
            });

            services.AddDbContext<ApplicationDbContext>(options =>
                           options.UseSqlServer(
                               Configuration.GetConnectionString("DefaultConnection")));
            services.AddDatabaseDeveloperPageExceptionFilter();
            services.AddIdentity<IdentityUser, IdentityRole>()
                .AddDefaultTokenProviders()
                .AddEntityFrameworkStores<ApplicationDbContext>();
            services.AddControllersWithViews();
            services.AddRazorPages().AddRazorRuntimeCompilation();


            services.AddScoped<PagingParameter, PagingParameter>();

            services.AddTransient<IEmailSender, EmailSender>();

            services.AddReCaptcha(Configuration.GetSection("ReCaptcha"));
            services.AddLocalization();
        }

        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
                app.UseMigrationsEndPoint();
            }
            else
            {
                app.UseExceptionHandler("/Error");
                // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
                app.UseHsts();
            }
            {

                app.UseHttpsRedirection();
                app.UseStaticFiles();

                app.UseRouting();

                app.UseAuthentication();
                app.UseAuthorization();

                app.UseEndpoints(endpoints =>
                {
                    endpoints.MapControllerRoute(
                    name: "default",
                    pattern: "{controller=Home}/{action=Index}/{id?}");
                    endpoints.MapRazorPages();
                });
            }
        }
    }

Answer 1

You got 2 options. As @mj1313 mentioned you can either use:

services.ConfigureApplicationCookie(options =>
{
    options.SlidingExpiration = true; // instruct the handler to re-issue a new cookie with a new expiration time any time it processes a request which is more than halfway through the expiration window
    options.ExpireTimeSpan = TimeSpan.FromMinutes(30);
});

and the other one is to pass expiration time in AuthenticationProperties while signing in:

var props = new AuthenticationProperties {
  IsPersistent = true,
  ExpiresUtc = DateTimeOffset.UtcNow.Add(//put expiration time here)
};

Answer 2

Try to change the cookie ExpireTimeSpan:

services.ConfigureApplicationCookie(options =>
{
    options.ExpireTimeSpan = TimeSpan.FromMinutes(30);
});

You can refer to the doc for more details.