The idea is to set different values of Session Timeout for different User Roles in ASP.NET MVC 5 and ASP.NET Identity.
我们的想法是为ASP.NET MVC 5和ASP.NET Identity中的不同用户角色设置不同的Session Timeout值。
Is it possible to do this?
有可能吗?
Based on their role you could set the timeout, i.e.
根据他们的角色,您可以设置超时,即
HttpContext.Current.Session.Timeout = 20;
Going by your previous question, you want to do this dynamically. You could store the per-role timeouts in session and set the value for each role in OnActionExecuting
of a base controller.
按照上一个问题,您要动态执行此操作。您可以在会话中自行存储和更新时间,并在OnActionExecuting基础控制器上为每个角色设置。
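if (User.IsInRole("Admin"))
{
    // Session values are stored as object. Unboxing a missing key with (int) throws
    // NullReferenceException, so read it as a nullable int and only apply it when present.
    var adminTimeout = filterContext.HttpContext.Session["AdminTimeoutThatYouSetSomewhereElseGlobally"] as int?;
    if (adminTimeout.HasValue)
    {
        // Session-state idle timeout in minutes; this does not shorten the Identity
        // authentication cookie, which is governed by CookieAuthenticationOptions.ExpireTimeSpan.
        filterContext.HttpContext.Session.Timeout = adminTimeout.Value;
    }
}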
If you are trying to boot admins out sooner than regular users, here is my stub for this in Identity.
如果您尝试比普通用户更快地启动管理员,这里是我在Identity中的存根。
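app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    // other stuff
    Provider = new CookieAuthenticationProvider
    {
        // Runs on every HTTP request, very early in the pipeline, with access to the
        // ticket's properties (IssuedUtc etc.), so cookie invalidation belongs here.
        OnValidateIdentity = async context =>
        {
            // First reject the cookie if the user's security stamp has changed,
            // delegating to Identity's standard validator.
            var invalidateBySecurityStamp = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                validateInterval: TimeSpan.FromMinutes(30),
                regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager));
            await invalidateBySecurityStamp.Invoke(context);

            // RejectIdentity() sets context.Identity to null. If the stamp validator already
            // rejected the ticket, reading Claims below would throw, and there is nothing left to do.
            if (context.Identity == null)
            {
                return;
            }

            // Only admins get the shorter lifetime; claim type and value are compared ordinally.
            var isAdmin = context.Identity.Claims.Any(c =>
                string.Equals(c.Type, ClaimTypes.Role, StringComparison.Ordinal)
                && string.Equals(c.Value, "AdminRoleName", StringComparison.Ordinal));
            if (!isAdmin)
            {
                return;
            }

            // Prefer the middleware's clock (overridable in tests) over the wall clock.
            var currentUtc = DateTimeOffset.UtcNow;
            if (context.Options != null && context.Options.SystemClock != null)
            {
                currentUtc = context.Options.SystemClock.UtcNow;
            }

            // A ticket without an issue time cannot be aged, so treat it as expired.
            var issuedUtc = context.Properties.IssuedUtc;
            var bootThemOut = (issuedUtc == null);
            if (issuedUtc != null)
            {
                var timeElapsed = currentUtc.Subtract(issuedUtc.Value);
                // Invalidate admin cookies after 3 minutes. NOTE(review): with sliding expiration
                // the middleware re-issues the ticket and refreshes IssuedUtc, so this measures time
                // since the last (re)issue rather than since sign-in — confirm against the
                // ExpireTimeSpan/SlidingExpiration configured in the "other stuff" above.
                bootThemOut = timeElapsed > TimeSpan.FromMinutes(3);
            }

            if (bootThemOut)
            {
                context.RejectIdentity();
                context.OwinContext.Authentication.SignOut(context.Options.AuthenticationType);
            }
        }
    }
});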
Based on their role you could set the timeout, i.e.
根据他们的角色,您可以设置超时,即
HttpContext.Current.Session.Timeout = 20;
Going by your previous question, you want to do this dynamically. You could store the per-role timeouts in session and set the value for each role in OnActionExecuting
of a base controller.
按照上一个问题,您要动态执行此操作。您可以在会话中自行存储和更新时间,并在OnActionExecuting基础控制器上为每个角色设置。
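if (User.IsInRole("Admin"))
{
    // Session values are stored as object. Unboxing a missing key with (int) throws
    // NullReferenceException, so read it as a nullable int and only apply it when present.
    var adminTimeout = filterContext.HttpContext.Session["AdminTimeoutThatYouSetSomewhereElseGlobally"] as int?;
    if (adminTimeout.HasValue)
    {
        // Session-state idle timeout in minutes; this does not shorten the Identity
        // authentication cookie, which is governed by CookieAuthenticationOptions.ExpireTimeSpan.
        filterContext.HttpContext.Session.Timeout = adminTimeout.Value;
    }
}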
If you are trying to boot admins out sooner than regular users, here is my stub for this in Identity.
如果您尝试比普通用户更快地启动管理员,这里是我在Identity中的存根。
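app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    // other stuff
    Provider = new CookieAuthenticationProvider
    {
        // Runs on every HTTP request, very early in the pipeline, with access to the
        // ticket's properties (IssuedUtc etc.), so cookie invalidation belongs here.
        OnValidateIdentity = async context =>
        {
            // First reject the cookie if the user's security stamp has changed,
            // delegating to Identity's standard validator.
            var invalidateBySecurityStamp = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                validateInterval: TimeSpan.FromMinutes(30),
                regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager));
            await invalidateBySecurityStamp.Invoke(context);

            // RejectIdentity() sets context.Identity to null. If the stamp validator already
            // rejected the ticket, reading Claims below would throw, and there is nothing left to do.
            if (context.Identity == null)
            {
                return;
            }

            // Only admins get the shorter lifetime; claim type and value are compared ordinally.
            var isAdmin = context.Identity.Claims.Any(c =>
                string.Equals(c.Type, ClaimTypes.Role, StringComparison.Ordinal)
                && string.Equals(c.Value, "AdminRoleName", StringComparison.Ordinal));
            if (!isAdmin)
            {
                return;
            }

            // Prefer the middleware's clock (overridable in tests) over the wall clock.
            var currentUtc = DateTimeOffset.UtcNow;
            if (context.Options != null && context.Options.SystemClock != null)
            {
                currentUtc = context.Options.SystemClock.UtcNow;
            }

            // A ticket without an issue time cannot be aged, so treat it as expired.
            var issuedUtc = context.Properties.IssuedUtc;
            var bootThemOut = (issuedUtc == null);
            if (issuedUtc != null)
            {
                var timeElapsed = currentUtc.Subtract(issuedUtc.Value);
                // Invalidate admin cookies after 3 minutes. NOTE(review): with sliding expiration
                // the middleware re-issues the ticket and refreshes IssuedUtc, so this measures time
                // since the last (re)issue rather than since sign-in — confirm against the
                // ExpireTimeSpan/SlidingExpiration configured in the "other stuff" above.
                bootThemOut = timeElapsed > TimeSpan.FromMinutes(3);
            }

            if (bootThemOut)
            {
                context.RejectIdentity();
                context.OwinContext.Authentication.SignOut(context.Options.AuthenticationType);
            }
        }
    }
});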