Closed ben-foster-rightio closed 5 years ago
I do have a custom implementation of the UserStore and RoleStore, but I don't know where to begin in debugging this.
I've finally worked out what this is. It's to do with cookie validation checking being run every 30 mins by default. It's a fault in asp.net core 2.1 and should be fixed in 2.2. See this thread for further details. https://stackoverflow.com/questions/53450844/session-logged-out-too-soon
The interval at which it runs is configurable. Is your problem that when it checks it will always lock you out? If that is the case, are you implementing a security stamp?
You remove the validator altogether by removing the event in the cookie options.
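As an added illustration of the two replies above (example code, not from this issue and not ASP.NET Core Identity's own source), three ways to deal with the security-stamp validator behind the sign-outs. It assumes an Identity 2.1 app wired like the Startup posted in this issue (`AddIdentity<User, UserRole>` followed by `ConfigureApplicationCookie`); the class and method names are made up for the example. For background: `AddIdentity` installs `SecurityStampValidator.ValidatePrincipalAsync` as the application cookie's `OnValidatePrincipal`. Once `ValidationInterval` has elapsed it reloads the user through `UserManager`, compares the security-stamp claim in the cookie with `UserManager.GetSecurityStampAsync`, and on a mismatch rejects the principal and calls `SignInManager.SignOutAsync`, which signs out the Application, External and TwoFactorUserId schemes. The three "signed out" lines followed by "No principal." in the posted log are consistent with that path.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;

// Added example, not code from this issue. Assumes the same Identity 2.1 setup as
// the Startup posted below (AddIdentity<User, UserRole> + ConfigureApplicationCookie).
// Call any of these AFTER AddIdentity so the Configure delegates run after Identity's own.
public static class SecurityStampSetup
{
    // 1. Keep the validator but change how often it re-checks the cookie against the store.
    //    Identity's default ValidationInterval is 30 minutes. A longer interval widens the
    //    window in which a cookie survives a password change or UpdateSecurityStampAsync.
    public static IServiceCollection UseStampInterval(this IServiceCollection services, TimeSpan interval)
    {
        services.Configure<SecurityStampValidatorOptions>(o => o.ValidationInterval = interval);
        return services;
    }

    // 2. Keep the validator but log when it rejects a principal, so a store problem shows
    //    up as a warning with the user name instead of a bare "No principal." on the next request.
    public static IServiceCollection LogStampRejections(this IServiceCollection services)
    {
        services.ConfigureApplicationCookie(o =>
        {
            o.Events.OnValidatePrincipal = async ctx =>
            {
                var name = ctx.Principal?.Identity?.Name;

                // Identity's own validator; it compares the security-stamp claim in the cookie
                // with UserManager.GetSecurityStampAsync(user) once ValidationInterval has elapsed
                // and calls ctx.RejectPrincipal() (Principal becomes null) on a mismatch.
                await SecurityStampValidator.ValidatePrincipalAsync(ctx);

                if (ctx.Principal == null)
                {
                    var log = ctx.HttpContext.RequestServices
                        .GetRequiredService<ILoggerFactory>()
                        .CreateLogger("SecurityStamp");
                    log.LogWarning(
                        "Security stamp validation rejected the cookie for {User}; " +
                        "check that the custom IUserStore implements IUserSecurityStampStore<User> " +
                        "and returns a stable, non-null stamp for this user", name);
                }
            };
        });
        return services;
    }

    // 3. Remove the validator entirely (what the reply above describes).
    //    Caveat: with no stamp check, a password change, role change or
    //    UpdateSecurityStampAsync no longer invalidates cookies that are already issued;
    //    they stay valid until ExpireTimeSpan (60 minutes sliding in the posted Startup).
    public static IServiceCollection DisableStampValidation(this IServiceCollection services)
    {
        services.ConfigureApplicationCookie(o => o.Events.OnValidatePrincipal = _ => Task.CompletedTask);
        return services;
    }
}
```

In `ConfigureServices` this would sit right after `services.AddIdentity<User, UserRole>().AddDefaultTokenProviders();`, for example `services.LogStampRejections();` while diagnosing, or `services.UseStampInterval(TimeSpan.FromMinutes(5));` to make the failure reproduce quickly. Because `ConfigureApplicationCookie` registers a later `Configure<CookieAuthenticationOptions>` for the application scheme, the assignment to `o.Events.OnValidatePrincipal` replaces the handler `AddIdentity` installed rather than running alongside it.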
We're closing this issue as the behaviour discussed seems to be by design.
I'm receiving user complaints saying they are being directed to the login screen randomly when it has only been a minute or so since they clicked a button that would have sent a message to the server side.
Here is a log of one of the errors.
```text
[INF] Executed action "MyAppManager.Controllers.API.AgreementAPIController.GetAgreements (MyAppManager)" in 1473.4897ms (afa2e885)
[INF] Request finished in 1474.816ms 200 application/json; charset=utf-8 (791a596a)
[INF] Request starting HTTP/1.1 GET http://MyAppmanager.MyApp.co.uk/api/AgreementAPI/GetAgreements?searchTerm=1543309403289 (ca22a1cb)
[INF] Entity Framework Core "2.1.3-rtm-32065" initialized '"IdentityDbContext"' using provider '"Microsoft.EntityFrameworkCore.SqlServer"' with options: "None" (9958f5bb)
[INF] Executed DbCommand ("1"ms) [Parameters=["@__get_Item_0='?' (DbType = Int32)"], CommandType='Text', CommandTimeout='30']" ""SELECT TOP(1) [e].[UserId], [e].[AcquisitionTeamId], [e].[AreaNumber], [e].[AuthorisationPassword], [e].[AutoBooking], [e].[AutoUpdateSoftware], [e].[AvayaFullName], [e].[AvayaName], [e].[AvaysExt], [e].[CanSellAgreement], [e].[ChangePassword], [e].[CompanyId], [e].[DateEnded], [e].[DateStarted], [e].[DebugLogs], [e].[DefaultQuotes], [e].[DepartmentId], [e].[EmailAddress], [e].[Forename], [e].[HomeServeEmployee], [e].[Initials], [e].[IsPurchaseOrderReviewer], [e].[JobTitle], [e].[LogonName], [e].[MaxLogins], [e].[Message], [e].[Name], [e].[Notes], [e].[PartTime], [e].[Password], [e].[ReportDDI], [e].[RoleId], [e].[Shift], [e].[ShowEngineerAlert], [e].[Surname], [e].[TerminationId], [e].[TrackFastVersion], [e].[UnreadMessage], [e].[VisibleOnChronicle] FROM [Users] AS [e] WHERE [e].[UserId] = @__get_Item_0" (0723d8ff)
[INF] AuthenticationScheme: "Identity.Application" signed out. (d3f50c8d)
[INF] AuthenticationScheme: "Identity.External" signed out. (d3f50c8d)
[INF] AuthenticationScheme: "Identity.TwoFactorUserId" signed out. (d3f50c8d)
**[INF] "Identity.Application" was not authenticated. Failure message: "No principal." (48071232)**
[INF] Route matched with "{action = \"GetAgreements\", controller = \"AgreementAPI\", page = \"\", area = \"\"}". Executing action "MyAppManager.Controllers.API.AgreementAPIController.GetAgreements (MyAppManager)" (a44c0341)
[INF] Authorization failed. (b15dd539)
[INF] Authorization failed for the request at filter '"Microsoft.AspNetCore.Mvc.Authorization.AuthorizeFilter"'. (8b6446cb)
[INF] Executing ChallengeResult with authentication schemes ([]). (f3dca807)
[INF] AuthenticationScheme: "Identity.Application" was challenged. (d45f1f38)
[INF] Executed action "MyAppManager.Controllers.API.AgreementAPIController.GetAgreements (MyAppManager)" in 0.3846ms (afa2e885)
[INF] Request finished in 9.3835ms 401 (791a596a)
[INF] Request starting HTTP/1.1 POST http://MyAppmanager.MyApp.co.uk/API/CustomerAPI/WriteToLog/ application/x-www-form-urlencoded; charset=UTF-8 61 (ca22a1cb)
[INF] Route matched with "{action = \"WriteToLog\", controller = \"CustomerAPI\", page = \"\", area = \"\"}". Executing action "MyAppManager.Controllers.API.CustomerAPIController.WriteToLog (MyAppManager)" (a44c0341)
[INF] Executing action method "MyAppManager.Controllers.API.CustomerAPIController.WriteToLog (MyAppManager)" with arguments (["ERROR: WebAPI call is not authenticated", "error"]) - Validation state: Valid (4e3479ed)
[ERR] Client log: ERROR: WebAPI call is not authenticated (d4244074)
```
Startup File
```csharp
public void ConfigureServices(IServiceCollection services)
{
    services.AddScoped<IRFDbRepository, RFDbRepository>();

    var connection = _configuration.GetConnectionString("RFDbConnection");
    services.Configure<ConnectionStrings>(_configuration.GetSection("ConnectionStrings"));
    services.AddDbContext<RFDbContext>(options => options.UseSqlServer(connection));
    services.AddDbContext<IdentityDbContext>(options => options.UseSqlServer(connection));

    services.AddAutoMapper();

    // Identity with the custom stores registered directly (no AddEntityFrameworkStores)
    services.AddIdentity<User, UserRole>().AddDefaultTokenProviders();
    services.AddTransient<IUserStore<User>, UserStore>();
    services.AddTransient<IRoleStore<UserRole>, RoleStore>();

    services.ConfigureApplicationCookie(options =>
    {
        options.LoginPath = "/Identity/Account/Login";
        options.LogoutPath = "/Identity/Account/Logout";
        options.ExpireTimeSpan = TimeSpan.FromMinutes(60);
        options.SlidingExpiration = true;
    });

    services.AddMvc()
        .SetCompatibilityVersion(CompatibilityVersion.Version_2_1)
        .AddRazorPagesOptions(options =>
        {
            options.AllowAreas = true;
            options.Conventions.AuthorizeAreaPage("Identity", "/Account/Logout");
        });
}

public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory, IRFDbRepository rFDbRepository)
{
    loggerFactory.AddFile(_configuration.GetValue<string>("Logging:LogFile"));

    app.UseStaticFiles();
    app.UseAuthentication(); // runs before UseMvc so [Authorize] sees the cookie principal
    app.UseMvc(routes =>
    {
        routes.MapRoute(
            name: "default",
            template: "{controller=Home}/{action=Index}/{id?}");
        routes.MapRoute(
            name: "ActionApi",
            template: "api/{controller}/{action}/{id?}");
    });

    rFDbRepository.TestConnection();
}
```
Also I've set up the app pool as below: