Can you configure OWIN Cookie Authentication to prevent certain URLs from affecting sliding expiration?

Question

We have an ASP.NET MVC 5 app using OWIN Cookie Authentication with a sliding expiration. On the client, we have a script that polls a web service every minute for notifications. We would like to prevent that web service call from causing the auth token expiration from sliding forward. Is there any way to do that?

I was considering implementing my own custom sliding expiration method in an OnValidateIdentity handler, but setting ExpiresUtc in that method doesn't appear to actually affect the token's expiration date.

app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    Provider = new CookieAuthenticationProvider
    {
        OnValidateIdentity = cookieValidateIdentityContext =>
        {
            cookieValidateIdentityContext.Properties.ExpiresUtc = DateTime.UtcNow.AddMinutes(-1);
            return Task.FromResult(0);
        }
    },

    AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
    AuthenticationMode = AuthenticationMode.Active,
    LoginPath = new PathString("/"),
    SlidingExpiration = false,
    LogoutPath = new PathString("/Sessions/Logout")
});

Any help is appreciated!

Answer 1

I haven't tested this, but it should work in theory:

app.Use("/path1", app2 => app2.UseCookieAuthentication(...));
app.Use("/path2", app3 => app3.UseCookieAuthentication(...));
app.UseCookieAuthentication(...);

The ordering of the Use calls is important. The beautiful thing about Owin is its ability to override any behavior on subpaths.