asp.netiisasp.net-coreasp.net-identity
ASP.Net Core Identity - Unable to stay logged in for more than 20 mintues - IIS 7.5
After deploying an ASP.Net Core app using Identity to Windows 2008 R2 (IIS 7.5) I cannot stay logged in after about 20 minutes of inactivity. I'm only using simple username / password authentication, no third party stuff.
This is not an issue on my Dev machine running VS 2017.
AccountController.cs
public async Task<IActionResult> Login(LoginViewModel model, string returnUrl = null)
{
ViewData["ReturnUrl"] = returnUrl;
if (ModelState.IsValid)
{
var result = await _signInManager.PasswordSignInAsync(model.Email, model.Password, true, lockoutOnFailure: false);
if (result.Succeeded)
{
_logger.LogInformation(1, "User logged in.");
return RedirectToLocal(returnUrl);
}
if (result.RequiresTwoFactor)
{
return RedirectToAction(nameof(SendCode), new { ReturnUrl = returnUrl, RememberMe = model.RememberMe });
}
if (result.IsLockedOut)
{
_logger.LogWarning(2, "User account locked out.");
return View("Lockout");
}
else
{
ModelState.AddModelError(string.Empty, "Invalid login attempt.");
return View(model);
}
}
return View(model);
}
Any help kindly appreciated.
EDIT Here is my ConfigureServices method in it's entirety. It has an authorization policy which could be relevant.
public void ConfigureServices(IServiceCollection services)
{
// Add framework services.
services.AddDbContext<ApplicationDbContext>(options =>
options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection")));
services.AddIdentity<ApplicationUser, ApplicationRole>()
.AddEntityFrameworkStores<ApplicationDbContext>()
.AddDefaultTokenProviders();
services.AddAuthorization(options =>
{
options.AddPolicy("UserOnly", policy => policy.RequireRole("User"));
options.AddPolicy("InstructorOnly", policy => policy.RequireRole("Instructor"));
options.AddPolicy("AdminOnly", policy => policy.RequireRole("Admin"));
options.AddPolicy("SystemManagerOnly", policy => policy.RequireRole("Manager"));
});
services.AddMvc(config =>
{
var policy = new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser()
.Build();
config.Filters.Add(new AuthorizeFilter(policy));
});
// Add application services.
services.AddTransient<IEmailSender, AuthMessageSender>();
services.AddTransient<ISmsSender, AuthMessageSender>();
// Configure Identity
services.Configure<IdentityOptions>(options =>
{
// Password settings
options.Password.RequireDigit = true;
options.Password.RequiredLength = 8;
options.Password.RequireNonAlphanumeric = false;
options.Password.RequireUppercase = false;
options.Password.RequireLowercase = false;
// Lockout settings
options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(240);
options.Lockout.MaxFailedAccessAttempts = 10;
// Cookie settings
options.Cookies.ApplicationCookie.ExpireTimeSpan = TimeSpan.FromDays(15);
options.Cookies.ApplicationCookie.LoginPath = "/Account/LogIn";
options.Cookies.ApplicationCookie.LogoutPath = "/Account/LogOff";
options.Cookies.ApplicationCookie.SlidingExpiration = true;
// User settings
options.User.RequireUniqueEmail = true;
});
var appSettings = Configuration.GetSection("AppSettings");
services.Configure<AppSettings>(appSettings);
// Inject the ability to get current user
services.AddTransient<IHttpContextAccessor, HttpContextAccessor>();
// Inject the User access class
services.AddTransient<UserResolverService>();
}
Here is a screenshot of Chrome Dev Tools showing the response/request cookie. The Login page seems to send the correct cookie with a an expiration 15 days into the future. Subsequent pages are called using this cookie.
Solution
For some very strange reason I'm not seeing this problem anymore.
The only change I made to either config or code was configuring the IIS version log to enable cs(Cookie).
Thank for your assistance @Rohith Rajan
- ASP.NET OleDbConnection Problem
- ListView with DataPager not working
- Server side paging with ajax & jQuery
- How to implement paging for asp:DataList in .NET 2.0?
- How to use RouteValues using MvcPaging2.0 in MVC3?
- Dynamically Added LinkButtons Don't Fire OnClick Event
- GraphServiceClient filter issue
- Using DropDown_SelectedIndexChanged to bind gridview, but paging is not working
- Paging results in asp.net
- Retrieve 10 records from MySQL?
- Pageddatasource fails paging With "does not implement ICollection."
- how change the RadDataPager Page# From CodeBehind (server-side)
- Jquery code doesn't work after paging?
- jqGrid Group summary not showing total sum with paging
- Showing image in datalist asp.net
- ASP.NET paging in div
- GridView from CodeBehind in C# Paging not working
- ObjectDataSource paging and extra parameters
- Google Like Paging in asp.net c#
- asp.net subsonic 2.2 paging linked table collection
- Datagrid paging align right
- ASP.net inserted row in Datatable disappearing on page change
- How to remember the selected checkboxes between each paging-press
- How to force Visual Studio to re-create the SSL certificate for a .NET Core Web Application running Kestrel?
- Efficient paging with Repeater, SQL Server and custom Pager
- listview item indexing
- Simple Paging in datalist as in GridView - NOT CUSTOM PAGING
- On page load, navigate to a specific page where a listviewitem belongs using listview and datapager?
- Fill datagrid with paging enabled in asp.net
- How to remove paging text in excel sheet while exporting data from GridView to Excelsheet?