aspnet / Identity

[Archived] ASP.NET Core Identity is the membership system for building ASP.NET Core web applications, including membership, login, and user data. Project moved to https://github.com/aspnet/AspNetCore
Apache License 2.0

Remember me isPersistent understanding #2079

Closed LindaLawton closed 5 years ago

LindaLawton commented 5 years ago

This is more of a question, but it's not enough of a question that I could post it on Stack Overflow without risking it just getting closed as primarily opinion-based or too broad. So I am going to put it here in hopes of getting an answer.

The issue is the understanding of how remember me is supposed to work. My problem is that it's not doing what we would expect it to do.

Management expects that when a user logs in and clicks remember me, they will then not be required to type their login and password again for a month. Whether or not they will still have to type in the 2FA code is up for debate.

What is actually happening is that I can close the browser, reboot, and come back for about an hour and 15 minutes, and then I will be forced to type my password again. This still happens even with a valid .AspNetCore.Identity.Application cookie set that is not due to expire for another month.

After digging around in the code, I found that Remember me is actually isPersistent, and it is defined as:

Flag indicating whether the sign-in cookie should persist after the browser is closed.

Which brings you to:

There are two different types of Cookies:

All this being said, remember machine 2FA works as expected: I am not prompted again for the 2FA, and I have a cookie on my machine, Identity.TwoFactorRememberMe.

So I guess my question is: why are we not getting an Identity.FactorRememberMe, or why isn't sign-in respecting a long lifetime of the AspNetCore.Identity.Application cookie?

How is this supposed to work exactly? I am following the code here, even though we have normal MVC and not Razor Pages like you have in the example. I am still just calling:

var signInUserResult = await _signInManager.PasswordSignInAsync(userName, password, rememberMe, true);

Note: I am using ASP.NET Identity in an IdentityServer4 application.