Search code examples
asp.net-mvc-5asp.net-identity

what happens when validateInterval in the CookieAuthenticationOptions expires

What will happen when validateInterval timeout expires? this is my authentication config

var cookieAuthOptions = new CookieAuthenticationOptions
{
    AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
    LoginPath = new PathString("/Compte/Login"),
    CookieDomain = ".rdvdoc.fr",
    //si pas défini le cookie expire à la fin de la navigation, définit une durée de validité du cookie
    ExpireTimeSpan = TimeSpan.FromDays(365),
    //pour étendre la validité du cokie à chaque reconnexion
    SlidingExpiration = true,
    Provider = new CookieAuthenticationProvider
    {
        // Enables the application to validate the security stamp when the computer logs in.
        // This is a security feature which is used when you change a password or add an external login to your account.  
        OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, User>(
            validateInterval: TimeSpan.FromMinutes(60),
            regenerateIdentity: (manager, user) => ApplicationUser.GenerateUserIdentityAsync(user, manager))
    }
};

what i want to know is: after the validateidentity timeout expires, GenerateUserIdentityAsync will be called, but where does the user object fed to it come from?

  1. is it refetched from the database?
  2. is it recreated from the cookie data?
  3. another way?

thanks

Solution

  • The manager is fetched from the owin context and the userId from the cookie. The user is then fetched from the manager.

    ...
TManager manager = OwinContextExtensions.GetUserManager<TManager>(context.OwinContext);
...
TKey userId = getUserIdCallback(context.Identity);
...
TUser user = await Microsoft.AspNet.Identity.TaskExtensions.WithCurrentCulture<TUser>(manager.FindByIdAsync(userId));