当前位置: 动力学知识库 > 问答 > 编程问答 >

asp.net - Identity cookie loses custom claim information after a period of time

问题描述:

I am storing custom claims, such as the user's real name, in the ASP.NET Identity cookie to avoid unnecessary database queries on every request. At least that's what I assume this code is doing:

var identity = await user.GenerateUserIdentityAsync(UserManager);

identity.AddClaim(new Claim(ClaimTypes.GivenName, user.FirstName)));

// etc.

AuthenticationManager.SignIn(new AuthenticationProperties {IsPersistent=true}, identity);

This works fine, and I can retrieve these claims with:

private static string GetClaim(string claimType)

{

var identity = (ClaimsPrincipal) Thread.CurrentPrincipal;

var claim = identity.Claims.SingleOrDefault(o => o.Type == claimType);

return claim == null ? null : claim.Value;

}

The identity.Claims property contains the following claims, as expected:

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier: ced2d16c-cb6c-4af0-ad5a-09df14dc8207

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name: [email protected]

http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider: ASP.NET Identity

AspNet.Identity.SecurityStamp: 284c648c-9cc7-4321-b0ce-8a347cd5bcbf

http://schemas.microsoft.com/ws/2008/06/identity/claims/role: Admin

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname: My Name

The trouble is that after some time (usually several hours), my custom claims seem to disappear - in this example, givenname no longer exists in the enumeration. The user is still authenticated, and all the default claims are still there.

What's going on, and how can I fix this? The only thing I can think of is that the cookie is expiring and being re-issued behind the scenes, but I don't know why (or if) that would happen.

网友答案:

Yes, the issue is most likely the cookie getting expired. Since you didn't add the custom claims to the user's claims in the database, they are lost on refresh since you aren't adding the claim inside the method being called. You can either add the claim via:

userManager.AddClaim(user.Id, new Claim(ClaimTypes.GivenName, user.FirstName));

or you can move this inside of the method that's called when the cookie is regenerated (by default its user.GenerateUserIdentityAsync).

        app.UseCookieAuthentication(new CookieAuthenticationOptions {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Account/Login"),
            Provider = new CookieAuthenticationProvider {
                // Enables the application to validate the security stamp when the user logs in.
                // This is a security feature which is used when you change a password or add an external login to your account.  
                OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                    validateInterval: TimeSpan.FromMinutes(30),
                    regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
            }
        });
分享给朋友:
您可能感兴趣的文章:
随机阅读: