how to session timeout for MVC application when using Azure Identity authentication

Question

How I can sign out user form ASP.NET MVC 4.7.2 (classic) application after 20 minutes inactivity or so. I have implemented Azure Identity platform (Azure AD Authentication) for authentication.

Currently it does not timeout for several hours. Note: I tried to search previous post but I did not get the answer related to what I am asking.

score 0 · Answer 1 · answered Jul 01 '22 at 12:26

You can sign out user from ASP.NET MVC application after your desired time of inactivity by using Azure Identity platform (Azure AD Authentication).

You can disable the token lifetime by giving UseTokenLifetime = false property in the startup class as below:

Session.Timeout = <value in mins>;
UseTokenLifetime = false, 
ExpireTimeSpan = TimeSpan.FromMinutes(20);

Example:

app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
   {
     ...
     UseTokenLifetime = false,
     ...
   });

Try to change the session timeout value in web.config. For example, code in web.config under<system.web> namespace.

<sessionState timeout="<value in minutes>" />

Please check this Document for more information.

I am using asp.net classic. Can you suggest the solution based on it. Seem like your answer may fit to core application. — Jashvita, Jul 14 '22 at 08:38

how to session timeout for MVC application when using Azure Identity authentication

1 Answers1