diff --git a/src/Services/Identity/Identity.API/Controllers/AccountController.cs b/src/Services/Identity/Identity.API/Controllers/AccountController.cs
index 6e9bbce16..ccb19a66d 100644
--- a/src/Services/Identity/Identity.API/Controllers/AccountController.cs
+++ b/src/Services/Identity/Identity.API/Controllers/AccountController.cs
@@ -15,6 +15,7 @@ using Microsoft.AspNetCore.Mvc;
 using Microsoft.eShopOnContainers.Services.Identity.API.Models;
 using Microsoft.eShopOnContainers.Services.Identity.API.Models.AccountViewModels;
 using Microsoft.eShopOnContainers.Services.Identity.API.Services;
+using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.Logging;
 
 namespace Microsoft.eShopOnContainers.Services.Identity.API.Controllers
@@ -32,6 +33,7 @@ namespace Microsoft.eShopOnContainers.Services.Identity.API.Controllers
 private readonly IClientStore _clientStore;
 private readonly ILogger _logger;
 private readonly UserManager _userManager;
+ private readonly IConfiguration _configuration;
 
 public AccountController(
 
@@ -40,13 +42,15 @@ namespace Microsoft.eShopOnContainers.Services.Identity.API.Controllers
 IIdentityServerInteractionService interaction,
 IClientStore clientStore,
 ILogger logger,
- UserManager userManager)
+ UserManager userManager,
+ IConfiguration configuration)
 {
 _loginService = loginService;
 _interaction = interaction;
 _clientStore = clientStore;
 _logger = logger;
 _userManager = userManager;
+ _configuration = configuration;
 }
 
 /// 
@@ -81,20 +85,21 @@ namespace Microsoft.eShopOnContainers.Services.Identity.API.Controllers
 if (await _loginService.ValidateCredentials(user, model.Password))
 {
+ var tokenLifetime = _configuration.GetValue("TokenLifetimeMinutes", 120);
+
 var props = new AuthenticationProperties
 {
- ExpiresUtc = DateTimeOffset.UtcNow.AddHours(2),
+ ExpiresUtc = DateTimeOffset.UtcNow.AddMinutes(tokenLifetime),
 AllowRefresh = true,
 RedirectUri = model.ReturnUrl
 };
 
 if (model.RememberMe)
 {
- props = new AuthenticationProperties
- {
- IsPersistent = true,
- ExpiresUtc = DateTimeOffset.UtcNow.AddYears(10)
- };
+ var permanentTokenLifetime = _configuration.GetValue("PermanentTokenLifetimeDays", 365);
+
+ props.ExpiresUtc = DateTimeOffset.UtcNow.AddDays(permanentTokenLifetime);
+ props.IsPersistent = true;
 };
 
 await _loginService.SignInAsync(user, props);
diff --git a/src/Services/Identity/Identity.API/appsettings.json b/src/Services/Identity/Identity.API/appsettings.json
index 2f05c2d1c..7610f98d6 100644
--- a/src/Services/Identity/Identity.API/appsettings.json
+++ b/src/Services/Identity/Identity.API/appsettings.json
@@ -25,5 +25,7 @@
 "Name": "eshop",
 "ClientId": "your-clien-id",
 "ClientSecret": "your-client-secret"
- }
+ },
+ "TokenLifetimeMinutes": 120,
+ "PermanentTokenLifetimeDays": 365
 }
diff --git a/src/Web/WebMVC/Controllers/AccountController.cs b/src/Web/WebMVC/Controllers/AccountController.cs
index 0f214b8ea..f4562b169 100644
--- a/src/Web/WebMVC/Controllers/AccountController.cs
+++ b/src/Web/WebMVC/Controllers/AccountController.cs
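Review bot: The two lifetimes read from configuration in this hunk are used without any range check, so a misconfigured `TokenLifetimeMinutes` of 0 or a negative value yields a ticket whose `ExpiresUtc` is already in the past, and a `PermanentTokenLifetimeDays` smaller than the normal window makes a RememberMe session shorter than a plain one, with nothing logged in either case. I would fail fast next to each read, `if (tokenLifetime <= 0) throw new InvalidOperationException("TokenLifetimeMinutes must be positive");` and `if (permanentTokenLifetime <= 0) throw new InvalidOperationException("PermanentTokenLifetimeDays must be positive");`, rather than let a bad setting surface as users being unable to stay signed in. The key names are also misleading: both values feed `AuthenticationProperties.ExpiresUtc` handed to `_loginService.SignInAsync`, i.e. the IdentityServer login-session cookie, not the lifetime of any issued access token, so a comment above the first read such as `// Lifetime of the IdentityServer login session (auth cookie), not of issued tokens` would stop the next maintainer tuning the wrong knob. The enclosing Login action starts and ends outside this hunk.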
@@ -6,19 +6,29 @@ using System.Threading.Tasks;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.OpenIdConnect;
 using Microsoft.AspNetCore.Authentication.Cookies;
+using Microsoft.Extensions.Logging;
+using System;
 
 namespace Microsoft.eShopOnContainers.WebMVC.Controllers
 {
 [Authorize]
 public class AccountController : Controller
 {
+ private readonly ILogger _logger;
+
+ public AccountController(ILogger logger)
+ {
+ _logger = logger ?? throw new ArgumentNullException(nameof(logger));
+ }
+
 [Authorize]
 public async Task SignIn(string returnUrl)
 {
 var user = User as ClaimsPrincipal;
- var token = await HttpContext.GetTokenAsync("access_token");
+ _logger.LogInformation("----- User {@User} authenticated into {AppName}", user, Program.AppName);
+
 if (token != null)
 {
 ViewData["access_token"] = token;
diff --git a/src/Web/WebMVC/Startup.cs b/src/Web/WebMVC/Startup.cs
index a2d61a5f3..52a311369 100644
--- a/src/Web/WebMVC/Startup.cs
+++ b/src/Web/WebMVC/Startup.cs
@@ -238,6 +238,7 @@ namespace Microsoft.eShopOnContainers.WebMVC
 var useLoadTest = configuration.GetValue("UseLoadTest");
 var identityUrl = configuration.GetValue("IdentityUrl");
 var callBackUrl = configuration.GetValue("CallBackUrl");
+ var sessionCookieLifetime = configuration.GetValue("SessionCookieLifetimeMinutes", 60);
 // Add Authentication services
@@ -246,7 +247,7 @@ namespace Microsoft.eShopOnContainers.WebMVC
 options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
 options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
 })
- .AddCookie(setup=>setup.ExpireTimeSpan = TimeSpan.FromHours(2))
+ .AddCookie(setup=>setup.ExpireTimeSpan = TimeSpan.FromMinutes(sessionCookieLifetime))
 .AddOpenIdConnect(options =>
 {
 options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
diff --git a/src/Web/WebMVC/appsettings.json b/src/Web/WebMVC/appsettings.json
index 96c75b932..0cf11d76f 100644
--- a/src/Web/WebMVC/appsettings.json
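Review bot: The new `_logger.LogInformation` call in `SignIn` passes the whole `ClaimsPrincipal` with the `@` destructuring operator, so with a provider that honours Serilog-style templates every claim on the principal (email, name, whatever else the identity server issues) is serialized into an Information-level log entry on each sign-in, which is far more personal data than a login audit needs and travels wherever logs are shipped. Log one stable identifier instead and keep the principal out of logs, e.g. `_logger.LogInformation("----- User {UserName} authenticated into {AppName}", user?.Identity?.Name, Program.AppName);`. Separately, as rendered here the `var token = await HttpContext.GetTokenAsync("access_token");` line carries a `-` marker while `token` is still read by `if (token != null)` a few lines later; if that is faithful to the commit the method no longer compiles, so it is worth confirming the line was kept rather than removed. The `SignIn` body continues past the end of the hunk.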
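Review bot: `sessionCookieLifetime` flows straight into `TimeSpan.FromMinutes` on the `.AddCookie` line with no validation, so a zero or negative `SessionCookieLifetimeMinutes` produces an auth cookie that is expired on arrival and, with OpenIdConnect as the challenge scheme, most likely a redirect loop to the identity server instead of a clear startup failure; a guard beside the read, `if (sessionCookieLifetime <= 0) throw new InvalidOperationException("SessionCookieLifetimeMinutes must be positive");`, would fail fast. This value is also now independent of Identity.API's `TokenLifetimeMinutes` (120 in the same commit versus a 60-minute fallback here), so the two sessions can expire out of step; that may be intended, but unless `SlidingExpiration` is disabled elsewhere in this lambda (not visible here) the cookie is renewed on use, making `ExpireTimeSpan` an inactivity window rather than the absolute lifetime the key name suggests. A comment on the `.AddCookie` line, `// Inactivity timeout of the local auth cookie (sliding); independent of the IdP login session`, would make that explicit. The enclosing method starts outside the hunk.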
+++ b/src/Web/WebMVC/appsettings.json
@@ -27,5 +27,6 @@
 "InstrumentationKey": ""
 },
 "HttpClientRetryCount": 8,
- "HttpClientExceptionsAllowedBeforeBreaking": 7
+ "HttpClientExceptionsAllowedBeforeBreaking": 7,
+ "SessionCookieLifetimeMinutes": 1
 }
\ No newline at end of file
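Review bot: `"SessionCookieLifetimeMinutes": 1` in the checked-in default appsettings.json looks like a debugging value rather than an intended setting: it disagrees with the 60-minute fallback coded in Startup.cs and the 120-minute identity-side session added in the same commit, and it ships every environment that does not override it with an auth cookie that lapses after a minute of inactivity. If a one-minute session was meant for local testing it belongs in an environment-specific settings file or an environment variable, and the committed default should match the code fallback, `"SessionCookieLifetimeMinutes": 60`. JSON has no comment syntax, so the rationale for whatever value is chosen should live next to the read in Startup.cs.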