I have an MVC5 ".Net Framework 4.6.2" web sever with Aurelia SPA that works perfectly fine. What I am looking to do, is to extend my authentication to auto-logout the user after a period of inactivity.
With the CookieAuthenticationOptions setup as follows
LoginPath = new PathString("/Account/Login"),
SlidingExpiration=true,
ExpireTimeSpan=TimeSpan.FromMinutes(2)
What happens is, the user is no longer authenticated after the ExpireTimeSpan is reached, which is expected, but they are not automatically redirected to the Loginpath which what I need to happen.
I have the basic Startup class as seen below but the cookie ".AspNet.ApplicationCookie" never expires, it is set to 1969-12-31T23:59:59.000Z.
public partial class Startup
{
public void ConfigureAuth(IAppBuilder app)
{
app.CreatePerOwinContext(ApplicationDbContext.Create);
app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
app.CreatePerOwinContext<ApplicationSignInManager>(ApplicationSignInManager.Create);
app.CreatePerOwinContext<ApplicationRoleManager>(ApplicationRoleManager.Create);
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
//ExpireTimeSpan = TimeSpan.FromMinutes(120),
LoginPath = new PathString("/Account/Login"),
Provider = new CookieAuthenticationProvider
{
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
validateInterval: TimeSpan.FromMinutes(15),
regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
}
});
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(5));
app.UseTwoFactorRememberBrowserCookie(DefaultAuthenticationTypes.TwoFactorRememberBrowserCookie);
}
}
Can someone please tell me what I am missing here?
Thank you in advance!
