【发布时间】:2018-12-18 03:26:46
【问题描述】:
https://github.com/NanaseRuri/LibraryDemo/tree/Failed
我已经在我的 ASP.Net Core 项目中设置了过期时间,但它不起作用。 8 秒后,我仍然可以使用 [Authorize] 输入操作。
await HttpContext.SignInAsync(principal,new AuthenticationProperties()
{
ExpiresUtc = DateTime.UtcNow.AddSeconds(8)
});
Startup.cs:
services.AddAuthentication(options =>
{
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
})
.AddCookie(options =>
{
});
身份验证:
if (admin.Password == encryptedPassword)
{
ClaimsIdentity identity = new ClaimsIdentity("Cookie");
identity.AddClaims(new[]
{
new Claim(ClaimTypes.Name, admin.UserName),
new Claim(ClaimTypes.Email, admin.Email),
new Claim(ClaimTypes.MobilePhone, admin.PhoneNumber),
new Claim(ClaimTypes.Role, "admin"),
});
var principal = new ClaimsPrincipal(identity);
await HttpContext.SignInAsync(principal, new AuthenticationProperties()
{
ExpiresUtc = DateTime.UtcNow.AddSeconds(8)
});
if (returnUrl != null)
{
return Redirect(returnUrl);
}
return RedirectToAction("Index");
}
【问题讨论】:
标签: authentication cookies asp.net-core authorization