I have the following code in the ConfigureServices method:

    var federationSettings = new FederationSettings();
    this.Configuration.GetSection(nameof(FederationSettings)).Bind(federationSettings);

    // Include PII in IdentityModel log messages (diagnostic setting).
    Microsoft.IdentityModel.Logging.IdentityModelEventSource.ShowPII = true;
    CryptoProviderFactory.Default.CustomCryptoProvider = new Sha1Provider();

    services.AddAuthentication(sharedOptions =>
    {
        sharedOptions.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        sharedOptions.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        sharedOptions.DefaultChallengeScheme = WsFederationDefaults.AuthenticationScheme;
        sharedOptions.DefaultSignOutScheme = WsFederationDefaults.AuthenticationScheme;
    })
    .AddWsFederation(options =>
    {
        // Do not copy the token's validity period onto the cookie ticket.
        options.UseTokenLifetime = false;
        options.SecurityTokenHandlers.Clear();
        options.SecurityTokenHandlers.Add(new CustomSamlSecurityTokenHandler());
        options.SecurityTokenHandlers.Add(new Saml2SecurityTokenHandler());
        options.SecurityTokenHandlers.Add(new JwtSecurityTokenHandler());
        // Allow the federation metadata to be fetched over plain HTTP.
        options.RequireHttpsMetadata = false;
        options.Wtrealm = federationSettings.Realm;
        options.MetadataAddress = federationSettings.AdfsMetadataUrl;
    })
    .AddCookie(options =>
    {
        options.Cookie.Name = "AuthenticationCookie";
        options.ExpireTimeSpan = TimeSpan.FromDays(10);
        options.SlidingExpiration = true;
    });

If I set ExpireTimeSpan to 10 seconds the authentication ticket expires after 10 seconds, but it doesn't work if I set it to more than 30 minutes. How can I increase ExpireTimeSpan?
By default the cookie is refreshed after 30 minutes on the next request to ensure the claims are up to date, assuming the security stamp hasn't changed; if it has changed, it'll sign out and clear the cookie instead. The CookieAuthenticationOptions class is used to configure the authentication provider options.
SecurityStampValidator validates your security stamp.

If the user is logged in, this happens ~every 10 seconds, depending on the request ratio. The server checks security stamps upon every request to the server:

    options.ValidationInterval = TimeSpan.FromSeconds(10)

The cookie is valid for 10 days:

    options.ExpireTimeSpan = TimeSpan.FromDays(10);

It can be extended with options.SlidingExpiration = true; if the page is refreshed or navigated.

Do not run

    _userManager.UpdateSecurityStampAsync(user);

This updates the security stamp and the next options.ValidationInterval validation will fail.

SecurityStampValidatorOptions: Invoked when the default security stamp validator replaces the user's ClaimsPrincipal in the cookie.
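
To check which lifetime actually ends up in the authentication ticket, the cookie handler's events can log it at sign-in and on each request. This is an added example, not code from the question or the answer; the class name and logger category are hypothetical, and it assumes the method is called from ConfigureServices after AddCookie(...).

```csharp
using System;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;

// Hypothetical helper (added example); call it from ConfigureServices after AddCookie(...).
public static class CookieLifetimeDiagnostics
{
    public static void Add(IServiceCollection services)
    {
        // Takes effect only if ASP.NET Core Identity's SecurityStampValidator is
        // attached to the cookie scheme; 30 minutes is the framework default.
        services.Configure<SecurityStampValidatorOptions>(o =>
            o.ValidationInterval = TimeSpan.FromMinutes(30));

        services.Configure<CookieAuthenticationOptions>(
            CookieAuthenticationDefaults.AuthenticationScheme, o =>
            {
                // Keep handlers that were already registered and run them afterwards.
                var signingIn = o.Events.OnSigningIn;
                var validate = o.Events.OnValidatePrincipal;

                // Sign-in: the expiry about to be written into the ticket.
                o.Events.OnSigningIn = async ctx =>
                {
                    Logger(ctx.HttpContext.RequestServices).LogInformation(
                        "Ticket issued {Issued:o}, expires {Expires:o}, persistent={Persistent}",
                        ctx.Properties.IssuedUtc, ctx.Properties.ExpiresUtc, ctx.Properties.IsPersistent);
                    await signingIn(ctx);
                };

                // Every authenticated request: lifetime left on the presented ticket.
                o.Events.OnValidatePrincipal = async ctx =>
                {
                    var left = ctx.Properties.ExpiresUtc - DateTimeOffset.UtcNow;
                    Logger(ctx.HttpContext.RequestServices).LogInformation(
                        "Ticket expires {Expires:o} ({Left} left)", ctx.Properties.ExpiresUtc, left);
                    await validate(ctx);
                };
            });
    }

    private static ILogger Logger(IServiceProvider sp) =>
        sp.GetRequiredService<ILoggerFactory>().CreateLogger("CookieLifetime"); // category name is arbitrary
}
```

If the logged expiry at sign-in does not match ExpireTimeSpan, something upstream set ExpiresUtc on the authentication properties before the cookie handler applied its own value.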