When a user accesses a website and enters their credentials, which are stored in our database, we then create an authentication.
How do you set the timeout?
Using MVC 5.
My Authentication looks like this:
var claims = new List<Claim>();
claims.Add(new Claim("UserId", user.UserID.ToString()));
claims.Add(new Claim(ClaimTypes.Name, user.FirstName + " " + user.LastName));
claims.Add(new Claim(ClaimTypes.Email, user.Email));
claims.Add(new Claim(ClaimTypes.NameIdentifier, user.UserID.ToString()));
var id = new ClaimsIdentity(claims, DefaultAuthenticationTypes.ApplicationCookie);
var ctx = Request.GetOwinContext();
var authenticationManager = ctx.Authentication;
authenticationManager.SignIn(id);
The way to set a fixed expiration time span is to set the ExpireTimeSpan property in your Startup.Auth.cs file like this:
// Enable the application to use a cookie to store information for the signed in user
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
    LoginPath = new PathString("/Account/Login"),
    ExpireTimeSpan = TimeSpan.FromDays(2)
});
Note that you'll also have to set the cookie to persist. In your code you'll have to pass in a bool in addition to the username and password, and then change
authenticationManager.SignIn(id);
to be
authenticationManager.SignIn(new AuthenticationProperties { IsPersistent = rememberMe }, id);
With the following you do not need to use Startup.cs:
AuthenticationManager.SignIn(new AuthenticationProperties() { IsPersistent = true, ExpiresUtc = DateTime.UtcNow.AddHours(1), }, id);
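The two approaches above can be combined; the following is an added example, not code from either answer, showing an application-wide default lifetime next to a per-sign-in override. The 30-minute and 2-day values and the SessionSignIn helper are assumptions chosen for illustration.

```csharp
using System;
using System.Security.Claims;
using Microsoft.AspNet.Identity;
using Microsoft.Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Owin;

public partial class Startup
{
    // Startup.Auth.cs: default lifetime applied to every ticket that does not set ExpiresUtc.
    public void ConfigureAuth(IAppBuilder app)
    {
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Account/Login"),
            ExpireTimeSpan = TimeSpan.FromMinutes(30), // assumed value for this example
            SlidingExpiration = true,                  // re-issue the cookie while the user stays active
            CookieHttpOnly = true,                     // keep the cookie out of reach of page scripts
            CookieSecure = CookieSecureOption.Always   // only send the cookie over HTTPS
        });
    }
}

// Hypothetical helper (not part of the original post) wrapping the SignIn call.
public static class SessionSignIn
{
    public static void SignIn(IAuthenticationManager auth, ClaimsIdentity id, bool rememberMe)
    {
        // IsPersistent = false gives a browser-session cookie; the ticket inside it
        // still expires after ExpireTimeSpan.
        var props = new AuthenticationProperties { IsPersistent = rememberMe };

        if (rememberMe)
        {
            // A value set here takes precedence over ExpireTimeSpan for this ticket only.
            props.ExpiresUtc = DateTimeOffset.UtcNow.AddDays(2); // assumed value
            props.AllowRefresh = false; // hard cut-off: sliding expiration will not extend it
        }

        auth.SignIn(props, id);
    }
}
```

From a controller this would be called as SessionSignIn.SignIn(Request.GetOwinContext().Authentication, id, rememberMe).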