c# - OWIN SignIn authenticating after refresh -
i'm trying sign in user like....
var accessor = httpcontext.current.getowincontext().get<applicationsigninmanager>(); var result = await accessor.createuseridentityasync(new user() { ... }); authenticationmanager.signin( new authenticationproperties { allowrefresh = false, ispersistent = false }, result);
and signin works, if refresh page, user still authenticated, expect user logged out, since set both allowrefresh
, ispersistent
false. missing obvious? or maybe not-obvious? (if makes difference, 'user' signed in not exist, it's sort of anonymous authenticated user).
allowrefresh setting allows/disallows cookie being refreshed (eg expiry updated) when request.
it has nothing whether should still authenticated if page refreshed.
bool? allowrefresh = authenticationticket.properties.allowrefresh; if (issuedutc.hasvalue && expiresutc.hasvalue && base.options.slidingexpiration && (!allowrefresh.hasvalue || allowrefresh.value)) { timespan t = utcnow.subtract(issuedutc.value); timespan t2 = expiresutc.value.subtract(utcnow); if (t2 < t) { this._shouldrenew = true; this._renewissuedutc = utcnow; timespan timespan = expiresutc.value.subtract(issuedutc.value); this._renewexpiresutc = utcnow.add(timespan); } }
Comments
Post a Comment