18

When a user accesses a website and enters their credentials, which are stored in our database, we then create an authentication.

How do you set the timeout? Using MVC 5.

My Authentication looks like this:

        var claims = new List<Claim>();
        claims.Add(new Claim("UserId", user.UserID.ToString()));
        claims.Add(new Claim(ClaimTypes.Name, user.FirstName + " " + user.LastName));
        claims.Add(new Claim(ClaimTypes.Email, user.Email));
        claims.Add(new Claim(ClaimTypes.NameIdentifier, user.UserID.ToString()));
        var id = new ClaimsIdentity(claims, DefaultAuthenticationTypes.ApplicationCookie);

        var ctx = Request.GetOwinContext();
        var authenticationManager = ctx.Authentication;
        authenticationManager.SignIn(id); 
DavidJS

2 Answers

32

The way to set a fixed expiration time span is to set the ExpireTimeSpan property in your Startup.Auth.cs file like this:

    // Enable the application to use a cookie to store information for the signed in user
    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
        LoginPath = new PathString("/Account/Login"),
        ExpireTimeSpan = TimeSpan.FromDays(2)
    });

Note that you'll also have to set the cookie to persist. In your code you'll have to pass in a bool in addition to the username and password, and then change

    authenticationManager.SignIn(id);

to be

    authenticationManager.SignIn(new AuthenticationProperties { IsPersistent = rememberMe }, id);
Dave
4

With the following you do not need to use Startup.cs

    AuthenticationManager.SignIn(new AuthenticationProperties() { IsPersistent = true, ExpiresUtc = DateTime.UtcNow.AddHours(1), }, id);
soccer7
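An added example, not code from the question or either answer: the cookie timeout set in Startup.Auth.cs as an idle timeout with sliding renewal, combined with a hard cap on total session length checked on every request. It goes beyond the answers by adding that cap; the 20-minute and 8-hour values, the SessionStartTicks claim name and the SignIn helper are assumptions, and CookieSecureOption.Always assumes the site is served over HTTPS.

```csharp
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNet.Identity;
using Microsoft.Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Owin;
public partial class Startup
{
    // Assumed policy values and claim name, chosen for illustration.
    static readonly TimeSpan IdleTimeout = TimeSpan.FromMinutes(20);
    static readonly TimeSpan AbsoluteLifetime = TimeSpan.FromHours(8);
    const string SessionStartClaim = "SessionStartTicks";
    public void ConfigureAuth(IAppBuilder app)
    {
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Account/Login"),
            ExpireTimeSpan = IdleTimeout,   // ticket lifetime when SignIn sets no ExpiresUtc
            SlidingExpiration = true,       // reissue once more than half the lifetime has elapsed
            CookieHttpOnly = true,          // keep the cookie away from page scripts
            CookieSecure = CookieSecureOption.Always,
            Provider = new CookieAuthenticationProvider
            {
                OnValidateIdentity = context =>
                {
                    // Sliding renewal never ends an active session, so enforce a hard cap here.
                    var started = context.Identity.FindFirst(SessionStartClaim);
                    long startTicks;
                    if (started == null || !long.TryParse(started.Value, out startTicks)
                        || DateTime.UtcNow.Ticks - startTicks > AbsoluteLifetime.Ticks)
                    {
                        context.RejectIdentity();
                        context.OwinContext.Authentication.SignOut(context.Options.AuthenticationType);
                    }
                    return Task.FromResult(0);
                }
            }
        });
    }
    // Stamp the session start into the identity; an ExpiresUtc set here would override ExpireTimeSpan.
    public static void SignIn(IAuthenticationManager auth, ClaimsIdentity id, bool rememberMe)
    {
        id.AddClaim(new Claim(SessionStartClaim, DateTime.UtcNow.Ticks.ToString()));
        auth.SignIn(new AuthenticationProperties { IsPersistent = rememberMe }, id);
    }
}
```

The authentication ticket inside the cookie carries its own expiry whether or not IsPersistent is set; IsPersistent only decides whether the browser keeps the cookie after it closes.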