Set authentication token expiry in ASP.NET Core 6.0 MVC

Time:07-15

I've got a website directly from Microsoft's ASP.NET Core 6.0 MVC web app template with "Authentication type" set to "Individual Accounts".

How do I set the expiration of the authentication token, preferably with a rolling value?

CodePudding user response:

According to the docs, you'd add something like the following in:

builder.Services.ConfigureApplicationCookie(options =>
{
    // Cookie settings
    options.Cookie.HttpOnly = true;
    options.ExpireTimeSpan = TimeSpan.FromMinutes(5);
    options.LoginPath = "/Identity/Account/Login";
    options.AccessDeniedPath = "/Identity/Account/AccessDenied";
    options.SlidingExpiration = true;
});

From the docs about ExpireTimeSpan:

Controls how much time the authentication ticket stored in the cookie will remain valid from the point it is created. The expiration information is stored in the protected cookie ticket. Because of that, an expired cookie will be ignored even if it is passed to the server after the browser should have purged it.

This is separate from the value of Microsoft.AspNetCore.Http.CookieOptions.Expires, which specifies how long the browser will keep the cookie.

In other words, while it doesn't set the cookie itself with an expiration value, the ExpireTimeSpan and SlidingExpiration settings will cause the application to provide a new value in responses around every 5 minutes and update within the protected cookie value the new expiration.
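An added example, not part of the answer above or of Microsoft's docs: with SlidingExpiration enabled, a session that stays in use is renewed indefinitely, so this Program.cs fragment keeps the answer's settings and adds an absolute cap on session age. The key name `session_start_utc` and the 8-hour limit are assumptions, and the call is assumed to come after the template's AddDefaultIdentity registration so the validator Identity already installed can be chained.

```csharp
// Program.cs fragment for the ASP.NET Core 6.0 "Individual Accounts" template.
// Added example; `builder` is the WebApplicationBuilder the template creates.
using System.Globalization;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Identity;

const string SessionStartKey = "session_start_utc";   // hypothetical property key
var absoluteLifetime = TimeSpan.FromHours(8);         // assumed hard cap on session age

builder.Services.ConfigureApplicationCookie(options =>
{
    options.Cookie.HttpOnly = true;
    options.ExpireTimeSpan = TimeSpan.FromMinutes(5); // idle timeout
    options.SlidingExpiration = true;                 // reissued once over half the span has elapsed

    // Keep whatever validator is already registered (Identity's security stamp check).
    var previousValidator = options.Events.OnValidatePrincipal;

    // Stamp the ticket at sign-in. Sliding renewals do not raise this event,
    // and a refresh that reuses the existing properties keeps the original stamp.
    options.Events.OnSigningIn = context =>
    {
        if (!context.Properties.Items.ContainsKey(SessionStartKey))
        {
            context.Properties.Items[SessionStartKey] =
                DateTimeOffset.UtcNow.ToString("o", CultureInfo.InvariantCulture);
        }
        return Task.CompletedTask;
    };

    // Runs on every authenticated request: reject tickets older than the cap,
    // and tickets that carry no readable stamp at all.
    options.Events.OnValidatePrincipal = async context =>
    {
        var hasStamp = context.Properties.Items.TryGetValue(SessionStartKey, out var raw);
        if (!hasStamp
            || !DateTimeOffset.TryParse(raw, CultureInfo.InvariantCulture,
                                        DateTimeStyles.RoundtripKind, out var started)
            || DateTimeOffset.UtcNow - started > absoluteLifetime)
        {
            context.RejectPrincipal();
            await context.HttpContext.SignOutAsync(IdentityConstants.ApplicationScheme);
            return;
        }
        await previousValidator(context);
    };
});
```

Tickets issued before this code is deployed carry no stamp and are rejected, so existing users sign in once more after rollout.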
