Make token and session cookie expiry times configurable, for testing expiration handling

src/Services/Identity/Identity.API/Controllers/AccountController.cs

@@ -15,6 +15,7 @@ using Microsoft.AspNetCore.Mvc;
 using Microsoft.eShopOnContainers.Services.Identity.API.Models;
 using Microsoft.eShopOnContainers.Services.Identity.API.Models.AccountViewModels;
 using Microsoft.eShopOnContainers.Services.Identity.API.Services;
+using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.Logging;
 
 namespace Microsoft.eShopOnContainers.Services.Identity.API.Controllers
@@ -32,6 +33,7 @@ namespace Microsoft.eShopOnContainers.Services.Identity.API.Controllers
         private readonly IClientStore _clientStore;
         private readonly ILogger<AccountController> _logger;
         private readonly UserManager<ApplicationUser> _userManager;
+        private readonly IConfiguration _configuration;
 
         public AccountController(
 
@@ -40,13 +42,15 @@ namespace Microsoft.eShopOnContainers.Services.Identity.API.Controllers
             IIdentityServerInteractionService interaction,
             IClientStore clientStore,
             ILogger<AccountController> logger,
-            UserManager<ApplicationUser> userManager)
+            UserManager<ApplicationUser> userManager,
+            IConfiguration configuration)
         {
             _loginService = loginService;
             _interaction = interaction;
             _clientStore = clientStore;
             _logger = logger;
             _userManager = userManager;
+            _configuration = configuration;
         }
 
         /// <summary>
@@ -81,20 +85,21 @@ namespace Microsoft.eShopOnContainers.Services.Identity.API.Controllers
 
                 if (await _loginService.ValidateCredentials(user, model.Password))
                 {
+                    var tokenLifetime = _configuration.GetValue("TokenLifetimeMinutes", 120);
+
                     var props = new AuthenticationProperties
                     {
-                        ExpiresUtc = DateTimeOffset.UtcNow.AddHours(2),
+                        ExpiresUtc = DateTimeOffset.UtcNow.AddMinutes(tokenLifetime),
                         AllowRefresh = true,
                         RedirectUri = model.ReturnUrl
                     };
 
                     if (model.RememberMe)
                     {
-                        props = new AuthenticationProperties
+                        var permanentTokenLifetime = _configuration.GetValue("PermanentTokenLifetimeDays", 365);
-                        {
+
-                            IsPersistent = true,
+                        props.ExpiresUtc = DateTimeOffset.UtcNow.AddDays(permanentTokenLifetime);
-                            ExpiresUtc = DateTimeOffset.UtcNow.AddYears(10)
+                        props.IsPersistent = true;
-                        };
                     };
 
                     await _loginService.SignInAsync(user, props);

src/Services/Identity/Identity.API/appsettings.json

@@ -25,5 +25,7 @@
     "Name": "eshop",
     "ClientId": "your-clien-id",
     "ClientSecret": "your-client-secret"
-  }
+  },
+  "TokenLifetimeMinutes": 120,
+  "PermanentTokenLifetimeDays": 365
 }

src/Web/WebMVC/Controllers/AccountController.cs

@@ -6,19 +6,29 @@ using System.Threading.Tasks;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.OpenIdConnect;
 using Microsoft.AspNetCore.Authentication.Cookies;
+using Microsoft.Extensions.Logging;
+using System;
 
 namespace Microsoft.eShopOnContainers.WebMVC.Controllers
 {
     [Authorize]
     public class AccountController : Controller
     {
+        private readonly ILogger<AccountController> _logger;
+
+        public AccountController(ILogger<AccountController> logger)
+        {
+            _logger = logger ?? throw new ArgumentNullException(nameof(logger));
+        }
+
         [Authorize]
         public async Task<IActionResult> SignIn(string returnUrl)
         {
             var user = User as ClaimsPrincipal;
-
             var token = await HttpContext.GetTokenAsync("access_token");
 
+            _logger.LogInformation("----- User {@User} authenticated into {AppName}", user, Program.AppName);
+
             if (token != null)
             {
                 ViewData["access_token"] = token;

src/Web/WebMVC/Startup.cs

@@ -238,6 +238,7 @@ namespace Microsoft.eShopOnContainers.WebMVC
             var useLoadTest = configuration.GetValue<bool>("UseLoadTest");
             var identityUrl = configuration.GetValue<string>("IdentityUrl");
             var callBackUrl = configuration.GetValue<string>("CallBackUrl");
+            var sessionCookieLifetime = configuration.GetValue("SessionCookieLifetimeMinutes", 60);
 
             // Add Authentication services          
 
@@ -246,7 +247,7 @@ namespace Microsoft.eShopOnContainers.WebMVC
                 options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                 options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
             })
-            .AddCookie(setup=>setup.ExpireTimeSpan = TimeSpan.FromHours(2))
+            .AddCookie(setup=>setup.ExpireTimeSpan = TimeSpan.FromMinutes(sessionCookieLifetime))
             .AddOpenIdConnect(options =>
             {
                 options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;

src/Web/WebMVC/appsettings.json

@@ -27,5 +27,6 @@
     "InstrumentationKey": ""
   },
   "HttpClientRetryCount": 8,
-  "HttpClientExceptionsAllowedBeforeBreaking": 7
+  "HttpClientExceptionsAllowedBeforeBreaking": 7,
+  "SessionCookieLifetimeMinutes": 1
 }