aws-aspnet-cognito-identity-provider icon indicating copy to clipboard operation
aws-aspnet-cognito-identity-provider copied to clipboard

Published 20 hours ago verified publisher icon aws

my clients logouts after 30 minutes

Open Jason9n opened this issue 1 year ago • 3 comments

Describe the bug

Hi I have a big problem with identity After logging, I stay login only for 30 minutes. in my windows (localhost) it will works perfectly fine but when i publish the project and upload it on the host this problem will shows up

I'm using Identity in my project

AppDb: public class AppDb : IdentityDbContext<AppUser, IdentityRole, string> { ..... }

AppUser:

public class AppUser : IdentityUser
{

       [ProtectedPersonalData]
       public virtual string Firstname { get; set; } = string.Empty;

       [ProtectedPersonalData]
       public virtual string Lastname { get; set; } = string.Empty;

}

and I've created a simple login

Login Code :

await _signInManager.SignInAsync(user, true, default); (I even tried with password signin but no result)

after 30 minutes its will logout but the cookie will remain no matter what settings I use in the Program.cs it always logouts after 30 minutes i found some related topics on github , but it should be fixed from asp core 2.2, why i have this problem on .NET 8

Program.cs:

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddDbContext<AppDb>(options =>
    options.UseSqlServer(builder.Configuration.GetConnectionString("DefaultConnection")));

builder.Services.AddIdentity<AppUser, IdentityRole>()
                        .AddEntityFrameworkStores<AppDb>()
                        .AddDefaultTokenProviders(); 

builder.Services.ConfigureApplicationCookie(options =>
{
    options.AccessDeniedPath = "/Main/NotFound";
    options.LoginPath = "/Account/Entering";
    options.LogoutPath = "/Account/Logout";
    options.Cookie.HttpOnly = true;
    options.ExpireTimeSpan = TimeSpan.FromDays(30);
    options.SlidingExpiration = true;
});

even i tried this code on program.cs but no result:

builder.Services.Configure<SecurityStampValidatorOptions>(
    o => o.ValidationInterval = TimeSpan.FromDays(1));

And Again : in my windows (localhost) it will works perfectly fine but when i publish the project and upload it on the host this problem will shows up

Any help would be appreciated sorry about my english

Regression Issue

  • [ ] Select this option if this issue appears to be a regression.

Expected Behavior

stay logedin morethan 20 days

Current Behavior

no errors, at least i didnt get error

Reproduction Steps

Login Code:

 [HttpPost]
 [ValidateAntiForgeryToken]
 [AutoValidateAntiforgeryToken]
 public async Task<IActionResult> SendSmsCode([FromForm] MyViewModel model)
 {
            if (!ModelState.IsValid) return View();

            var user = await _userManager.Users.FirstOrDefaultAsync(u => u.PhoneNumber == model.PhoneNumber);
            if (user == null)
            {
                      ModelState.AddModelError(string.Empty, "wrong Phone Numer");
                      return View();
            }
            var SmsCode = await _userManager.GenerateChangePhoneNumberTokenAsync(user, user.PhoneNumber);
            ViewBag.SmsCode = SmsCode

            return View();
}

[HttpPost]
[ValidateAntiForgeryToken]
[AutoValidateAntiforgeryToken]
public async Task<IActionResult> ValidateCode([FromForm] MyViewModel model)
{
            if (!ModelState.IsValid) return View();

            var user = await _userManager.Users.FirstOrDefaultAsync(u => u.PhoneNumber == model.PhoneNumber);
            if (user == null)
            {
                     ModelState.AddModelError(string.Empty, "wrong Phone Numer");
                     return View();
            }

            bool result = await _userManager.VerifyChangePhoneNumberTokenAsync(user, model.SmsCode, user.PhoneNumber);

            if (!result)
            {
                ModelState.AddModelError(string.Empty, "wrong code");
                return View();
            }

            await _signInManager.SignInAsync(user, true, null);  
            /* i tried with "TwoFactorSignInAsync" instead of "SignInAsync" but no result */

            return RedirectToAction("Index", "Home");

AppDb:

public class AppDb : IdentityDbContext<AppUser, IdentityRole, string> { ..... }

AppUser:

public class AppUser : IdentityUser
{

       [ProtectedPersonalData]
       public virtual string Firstname { get; set; } = string.Empty;

       [ProtectedPersonalData]
       public virtual string Lastname { get; set; } = string.Empty;

}

Program.cs:

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddDbContext<AppDb>(options =>
    options.UseSqlServer(builder.Configuration.GetConnectionString("DefaultConnection")));

builder.Services.AddIdentity<AppUser, IdentityRole>()
                        .AddEntityFrameworkStores<AppDb>()
                        .AddDefaultTokenProviders(); 

builder.Services.ConfigureApplicationCookie(options =>
{
    options.AccessDeniedPath = "/Main/NotFound";
    options.LoginPath = "/Account/Entering";
    options.LogoutPath = "/Account/Logout";
    options.Cookie.HttpOnly = true;
    options.ExpireTimeSpan = TimeSpan.FromDays(30);
    options.SlidingExpiration = true;
});

Possible Solution

No response

Additional Information/Context

No response

AWS .NET SDK and/or Package version used

Microsoft.AspNetCore.Identity.EntityFrameworkCore 8.0.10 Microsoft.AspNetCore.Identity.UI 8.0.10 Microsoft.EntityFrameworkCore.SqlServer 8.0.10 Microsoft.EntityFrameworkCore.Tools 8.0.10

Targeted .NET Platform

.NET 8

Operating System and version

Windows 10

Jason9n avatar Oct 18 '24 17:10 Jason9n