C# OpenIdDict自动注销速度如此之快
我在 .NET Core 2 项目中使用 OpenIddict。问题是用户在发出几次请求之后就会被注销,我尝试增加登录时间也无法解决。下面是我添加 OpenIddict 的代码:
标签:c#, asp.net-core-2.0, openiddict
// One lifetime value shared by access tokens and identity tokens.
// NOTE(review): a bearer token that leaks stays usable for its whole lifetime, so ten days is
// a long exposure window; a shorter access token combined with refresh tokens narrows it.
var tokenLifetime = TimeSpan.FromDays(10);

services.AddOpenIddict()
    .AddCore(core =>
    {
        // Persist the OpenIddict entities through Entity Framework Core, using DataDbContext
        // and the default entities keyed by Guid.
        core.UseEntityFrameworkCore()
            .UseDbContext<DataDbContext>()
            .ReplaceDefaultEntities<Guid>();
    })
    .AddServer(server =>
    {
        server.UseMvc();
        server.EnableTokenEndpoint("/api/token");

        // Password flow: the user's name and password are posted straight to /api/token.
        server.AllowPasswordFlow();

        // Token requests are accepted without the caller identifying itself as a client.
        server.AcceptAnonymousClients();

        // NOTE(review): with the HTTPS requirement switched off, the password-flow credentials
        // and the issued tokens can travel over plain HTTP. Acceptable on a local development
        // machine only; leave the requirement on everywhere else.
        server.DisableHttpsRequirement();

        server.SetAccessTokenLifetime(tokenLifetime);
        server.SetIdentityTokenLifetime(tokenLifetime);
    })
    .AddValidation();

services.Configure<IdentityOptions>(identity =>
{
    // Make ASP.NET Core Identity emit the claim names that OpenID Connect expects.
    var claimTypes = identity.ClaimsIdentity;
    claimTypes.UserNameClaimType = OpenIdConnectConstants.Claims.Name;
    claimTypes.UserIdClaimType = OpenIdConnectConstants.Claims.Subject;
    claimTypes.RoleClaimType = OpenIdConnectConstants.Claims.Role;

    // NOTE(review): a 4-character minimum with every composition rule disabled permits
    // trivially guessable passwords, and the password flow above exposes them to online
    // guessing at the token endpoint. Raise the minimum length before production use.
    var passwordPolicy = identity.Password;
    passwordPolicy.RequireDigit = false;
    passwordPolicy.RequiredLength = 4;
    passwordPolicy.RequireLowercase = false;
    passwordPolicy.RequireUppercase = false;
    passwordPolicy.RequiredUniqueChars = 0;
    passwordPolicy.RequireNonAlphanumeric = false;
});

// Incoming requests are authenticated by the OpenIddict validation handler by default.
services.AddAuthentication(auth => auth.DefaultScheme = OpenIddictValidationDefaults.AuthenticationScheme);
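// Restored from the intact listing earlier on this page: machine translation had replaced
// identifiers, generic arguments and string quotes in this copy.
services.AddOpenIddict()
    .AddCore(options =>
    {
        // Persist the OpenIddict entities through Entity Framework Core.
        options.UseEntityFrameworkCore()
            .UseDbContext<DataDbContext>()
            .ReplaceDefaultEntities<Guid>();
    })
    .AddServer(options =>
    {
        options.UseMvc();
        options.EnableTokenEndpoint("/api/token");

        // Password flow: user credentials are posted directly to the token endpoint.
        options.AllowPasswordFlow();
        options.AcceptAnonymousClients();

        // NOTE(review): disabling the HTTPS requirement lets those credentials and the issued
        // tokens cross the network in clear text; keep this to local development.
        options.DisableHttpsRequirement();

        // NOTE(review): ten-day bearer tokens stay valid that long if they leak.
        options.SetAccessTokenLifetime(TimeSpan.FromDays(10));
        options.SetIdentityTokenLifetime(TimeSpan.FromDays(10));
    })
    .AddValidation();

services.Configure<IdentityOptions>(options =>
{
    // Make ASP.NET Core Identity emit the claim names that OpenID Connect expects.
    options.ClaimsIdentity.UserNameClaimType = OpenIdConnectConstants.Claims.Name;
    options.ClaimsIdentity.UserIdClaimType = OpenIdConnectConstants.Claims.Subject;
    options.ClaimsIdentity.RoleClaimType = OpenIdConnectConstants.Claims.Role;

    // NOTE(review): this policy accepts any 4-character password; tighten it before production.
    options.Password.RequireDigit = false;
    options.Password.RequiredLength = 4;
    options.Password.RequireLowercase = false;
    options.Password.RequireUppercase = false;
    options.Password.RequiredUniqueChars = 0;
    options.Password.RequireNonAlphanumeric = false;
});

services.AddAuthentication(options =>
{
    options.DefaultScheme = OpenIddictValidationDefaults.AuthenticationScheme;
});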
在创建令牌之后
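// Reconstructed from a machine-translated listing; identifiers follow the CreateTicketAsync
// method shown on this page.
var ticket = await CreateTicketAsync(request, user);

// Per-ticket access token lifetime (7 days), set next to the 10-day server-wide value.
// NOTE(review): the per-ticket value is expected to take precedence for this token — confirm.
ticket.SetAccessTokenLifetime(TimeSpan.FromDays(7));

var token = SignIn(ticket.Principal, ticket.Properties, ticket.AuthenticationScheme);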
我用过
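/// <summary>
/// Builds the authentication ticket from which the tokens for <paramref name="user"/> are created.
/// Restored from the intact listing of this method on the same page; machine translation had
/// corrupted this copy.
/// </summary>
/// <param name="request">The OpenID Connect request; its scopes bound the scopes that are granted.</param>
/// <param name="user">The user being signed in.</param>
/// <returns>A ticket holding the principal, the granted scopes, the resource and per-claim destinations.</returns>
private async Task<AuthenticationTicket> CreateTicketAsync(OpenIdConnectRequest request, ApplicationUser user)
{
    // Create a new ClaimsPrincipal containing the claims that
    // will be used to create an id_token, a token or a code.
    var principal = await _signInManager.CreateUserPrincipalAsync(user);

    // Create a new authentication ticket holding the user identity.
    var ticket = new AuthenticationTicket(
        principal,
        new AuthenticationProperties(),
        OpenIdConnectServerDefaults.AuthenticationScheme);

    // ticket.Properties.ExpiresUtc = DateTime.Now.AddDays(2);

    // Grant only scopes that are both on this allow-list and present in the request.
    ticket.SetScopes(new[]
    {
        OpenIdConnectConstants.Scopes.OpenId,
        //OpenIdConnectConstants.Scopes.Email,
        OpenIdConnectConstants.Scopes.Profile,
        OpenIddictConstants.Scopes.Roles
    }.Intersect(request.GetScopes()));

    ticket.SetResources("resource-server");

    // Note: by default, claims are NOT automatically included in the access and identity tokens.
    // Each claim needs a destination that says whether it goes into access tokens,
    // identity tokens or both.
    foreach (var claim in ticket.Principal.Claims)
    {
        // Never include the security stamp in the access and identity tokens, as it's a secret value.
        if (claim.Type == _identityOptions.Value.ClaimsIdentity.SecurityStampClaimType)
        {
            continue;
        }

        var destinations = new List<string>
        {
            OpenIdConnectConstants.Destinations.AccessToken
        };

        // Only add the claim to the id_token if the corresponding scope was granted.
        // The role check uses the Scopes constant, matching the SetScopes call above.
        if ((claim.Type == OpenIdConnectConstants.Claims.Name && ticket.HasScope(OpenIdConnectConstants.Scopes.Profile)) ||
            (claim.Type == OpenIdConnectConstants.Claims.Email && ticket.HasScope(OpenIdConnectConstants.Scopes.Email)) ||
            (claim.Type == OpenIdConnectConstants.Claims.Role && ticket.HasScope(OpenIddictConstants.Scopes.Roles)))
        {
            destinations.Add(OpenIdConnectConstants.Destinations.IdentityToken);
        }

        claim.SetDestinations(destinations);
    }

    return ticket;
}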
创建令牌后
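// Reconstructed from a machine-translated listing; identifiers follow the CreateTicketAsync
// method shown on this page.
var ticket = await CreateTicketAsync(request, user);

// Per-ticket access token lifetime (7 days), set next to the 10-day server-wide value.
// NOTE(review): the per-ticket value is expected to take precedence for this token — confirm.
ticket.SetAccessTokenLifetime(TimeSpan.FromDays(7));

var token = SignIn(ticket.Principal, ticket.Properties, ticket.AuthenticationScheme);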
我用过
专用异步任务CreateTicketAsync(OpenIdConnectRequest请求,应用程序用户)
{
//创建一个新的ClaimsPrincipal,其中包含
//将用于创建id_令牌、令牌或代码。
var principal=await _signInManager.CreateUserPrincipalAsync(用户);
//创建包含用户标识的新身份验证票证。
var票证=新的身份验证票证(主体,
新建AuthenticationProperties(),
OpenIdConnectServerDefaults.AuthenticationScheme);
//ticket.Properties.ExpiresUtc=DateTime.Now.AddDays(2);
//设置授予客户端应用程序的作用域列表。
车票。固定镜(新[]
{
OpenIdConnectConstants.Scopes.OpenId,
//OpenIdConnectConstants.Scopes.Email,
OpenIdConnectConstants.Scopes.Profile,
OpenIddictConstants.Scopes.Roles
}.Intersect(request.GetScopes());
ticket.SetResources(“资源服务器”);
//注意:默认情况下,声明不会自动包含在访问和标识令牌中。
//要允许OpenIddict序列化它们,请
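/// <summary>
/// Builds the authentication ticket from which the tokens for <paramref name="user"/> are created.
/// </summary>
/// <param name="request">The OpenID Connect request; its scopes bound the scopes that are granted.</param>
/// <param name="user">The user being signed in.</param>
/// <returns>A ticket holding the principal, the granted scopes, the resource and per-claim destinations.</returns>
private async Task<AuthenticationTicket> CreateTicketAsync(OpenIdConnectRequest request, ApplicationUser user)
{
    // Create a new ClaimsPrincipal containing the claims that
    // will be used to create an id_token, a token or a code.
    var principal = await _signInManager.CreateUserPrincipalAsync(user);

    // Create a new authentication ticket holding the user identity.
    var ticket = new AuthenticationTicket(
        principal,
        new AuthenticationProperties(),
        OpenIdConnectServerDefaults.AuthenticationScheme);

    // ticket.Properties.ExpiresUtc = DateTime.Now.AddDays(2);

    // Grant only scopes that are both on this allow-list and present in the request, so a
    // client cannot obtain a scope merely by asking for it.
    // The Email scope is commented out of the list, so it is never granted and the Email
    // branch further down cannot route that claim into the identity token.
    ticket.SetScopes(new[]
    {
        OpenIdConnectConstants.Scopes.OpenId,
        //OpenIdConnectConstants.Scopes.Email,
        OpenIdConnectConstants.Scopes.Profile,
        OpenIddictConstants.Scopes.Roles
    }.Intersect(request.GetScopes()));

    ticket.SetResources("resource-server");

    // Note: by default, claims are NOT automatically included in the access and identity tokens.
    // Each claim needs a destination that says whether it goes into access tokens,
    // identity tokens or both.
    foreach (var claim in ticket.Principal.Claims)
    {
        // Never include the security stamp in the access and identity tokens, as it's a secret value.
        // Skipping it leaves the claim without a destination, so it is not serialized.
        if (claim.Type == _identityOptions.Value.ClaimsIdentity.SecurityStampClaimType)
        {
            continue;
        }

        // Every remaining claim goes into the access token.
        var destinations = new List<string>
        {
            OpenIdConnectConstants.Destinations.AccessToken
        };

        // Only add the claim to the id_token if the corresponding scope was granted to the
        // client application. The role check uses the Scopes constant (the original passed
        // OpenIddictConstants.Claims.Roles to HasScope), matching the SetScopes call above.
        if ((claim.Type == OpenIdConnectConstants.Claims.Name && ticket.HasScope(OpenIdConnectConstants.Scopes.Profile)) ||
            (claim.Type == OpenIdConnectConstants.Claims.Email && ticket.HasScope(OpenIdConnectConstants.Scopes.Email)) ||
            (claim.Type == OpenIdConnectConstants.Claims.Role && ticket.HasScope(OpenIddictConstants.Scopes.Roles)))
        {
            destinations.Add(OpenIdConnectConstants.Destinations.IdentityToken);
        }

        claim.SetDestinations(destinations);
    }

    return ticket;
}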