Search code examples
asp.net-core-2.1asp.net-core-identity

DotNet Core identity - it doesn't remember the user

I want my DotNet Core site to remember logged in users for days, or even weeks. But it doesn't. 20 minutes. And it's all.

I've already tried all possible options. Doesn't work.

All ordinary DotNet & OWIN sites of mine do it. DotNetCore - no! Please help !!!!!!

Update: I have added SignIn Code (which is typical) an User class.

 public void ConfigureServices(IServiceCollection services)
    {
        services.AddIdentity<Core.Client.API.Models.User, Core.Client.API.Models.UserRole>().AddDefaultTokenProviders();

        services.Configure<IdentityOptions>(options =>
        {
            options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(30);
            options.Lockout.MaxFailedAccessAttempts = 10;
            options.Lockout.AllowedForNewUsers = true;
        });

        services.ConfigureApplicationCookie(options =>
        {            
            options.Cookie.HttpOnly = true;
            options.Cookie.Name = "**********.Auth";
            options.ExpireTimeSpan = TimeSpan.FromDays(30);
            options.LoginPath = "*******";
            options.AccessDeniedPath = "**********";
            options.SlidingExpiration = true;
        });

        services.AddAntiforgery();
        services.AddMemoryCache();

        services.AddTransient<IUserStore<Core.Client.API.Models.User>, Core.Logic.Services.UserService>();
        services.AddTransient<IRoleStore<Core.Client.API.Models.UserRole>, Core.Logic.Services.UserRoleService>();
        services.AddTransient<Core.Storage.Api.IUserStore, Core.Db.Services.UserStore>();


        services.AddMvc().SetCompatibilityVersion(Microsoft.AspNetCore.Mvc.CompatibilityVersion.Version_2_1);           
    }

    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
            app.UseBrowserLink();
        }
        else
        {
            app.UseExceptionHandler("/Home/Error");
        }

        app.UseStaticFiles();
        app.UseAuthentication();

        app.UseMvc(routes =>
        {
            routes.MapRoute(
                name: "default",
                template: "{controller=Home}/{action=Index}/{id?}");
        });
    }

//SignIn Code
public async Task<ActionResult> Login()
    {
        await _signInManager.SignOutAsync();
        var u = await _userManager.FindByNameAsync("UserName");
        if(u != null)
        {
            await _signInManager.SignInAsync(u, true);
        }
        return new RedirectToActionResult(nameof(HomeController.Index), "Home", null);
    }

//User class
public class User : IIdentity
{
    public Guid Id { get; set; } = Guid.NewGuid();
    public bool IsAuthenticated { get; set; }
    public string AuthenticationType { get; set; }
    public string Name { get; set; }
    ....
}
Solution

  • I've found the answer.

    In order to control authorization cookie lifetime your custom UserStore should realize the IUserSecurityStampStore interface, not the ordinary IUserStore!

    IUserSecurityStampStore asks for two additional methods: SetSecurityStampAsync and GetSecurityStampAsync. And this is the clue.