Merge pull request #1028 from dotnet-architecture/enhancement/make-token-and-session-cookie-expiry-times-configurable

Make token and session cookie expiry times configurable

docker-compose.override.yml

@@ -326,40 +326,40 @@ services:
     environment:
       - ASPNETCORE_ENVIRONMENT=Production
       - ASPNETCORE_URLS=http://0.0.0.0:80
-      - HealthChecks-UI__HealthChecks__1__Name=WebMVC HTTP Check
-      - HealthChecks-UI__HealthChecks__1__Uri=http://webmvc/hc
-      - HealthChecks-UI__HealthChecks__2__Name=WebSPA HTTP Check
-      - HealthChecks-UI__HealthChecks__2__Uri=http://webspa/hc
-      - HealthChecks-UI__HealthChecks__3__Name=Web Shopping Aggregator GW HTTP Check
-      - HealthChecks-UI__HealthChecks__3__Uri=http://webshoppingagg/hc
-      - HealthChecks-UI__HealthChecks__4__Name=Mobile Shopping Aggregator HTTP Check
-      - HealthChecks-UI__HealthChecks__4__Uri=http://mobileshoppingagg/hc
-      - HealthChecks-UI__HealthChecks__5__Name=Mobile Shopping API GW HTTP Check
-      - HealthChecks-UI__HealthChecks__5__Uri=http://mobileshoppingapigw/hc
-      - HealthChecks-UI__HealthChecks__6__Name=Mobile Marketing API GW HTTP Check
-      - HealthChecks-UI__HealthChecks__6__Uri=http://mobilemarketingapigw/hc
-      - HealthChecks-UI__HealthChecks__7__Name=Web Shopping API GW HTTP Check
-      - HealthChecks-UI__HealthChecks__7__Uri=http://webshoppingapigw/hc
-      - HealthChecks-UI__HealthChecks__8__Name=Web Marketing API GW HTTP Check
-      - HealthChecks-UI__HealthChecks__8__Uri=http://webmarketingapigw/hc
-      - HealthChecks-UI__HealthChecks__9__Name=Ordering HTTP Check
-      - HealthChecks-UI__HealthChecks__9__Uri=http://ordering.api/hc
-      - HealthChecks-UI__HealthChecks__10__Name=Ordering HTTP Background Check
-      - HealthChecks-UI__HealthChecks__10__Uri=http://ordering.backgroundtasks/hc
-      - HealthChecks-UI__HealthChecks__11__Name=Basket HTTP Check
-      - HealthChecks-UI__HealthChecks__11__Uri=http://basket.api/hc
-      - HealthChecks-UI__HealthChecks__12__Name=Catalog HTTP Check
-      - HealthChecks-UI__HealthChecks__12__Uri=http://catalog.api/hc
-      - HealthChecks-UI__HealthChecks__13__Name=Identity HTTP Check
-      - HealthChecks-UI__HealthChecks__13__Uri=http://identity.api/hc
-      - HealthChecks-UI__HealthChecks__14__Name=Marketing HTTP Check
-      - HealthChecks-UI__HealthChecks__14__Uri=http://marketing.api/hc
-      - HealthChecks-UI__HealthChecks__15__Name=Locations HTTP Check
-      - HealthChecks-UI__HealthChecks__15__Uri=http://locations.api/hc
-      - HealthChecks-UI__HealthChecks__16__Name=Payments HTTP Check
-      - HealthChecks-UI__HealthChecks__16__Uri=http://payment.api/hc
-      - HealthChecks-UI__HealthChecks__17__Name=Ordering SignalRHub HTTP Check
-      - HealthChecks-UI__HealthChecks__17__Uri=http://ordering.signalrhub/hc      
+      - HealthChecks-UI__HealthChecks__0__Name=WebMVC HTTP Check
+      - HealthChecks-UI__HealthChecks__0__Uri=http://webmvc/hc
+      - HealthChecks-UI__HealthChecks__1__Name=WebSPA HTTP Check
+      - HealthChecks-UI__HealthChecks__1__Uri=http://webspa/hc
+      - HealthChecks-UI__HealthChecks__2__Name=Web Shopping Aggregator GW HTTP Check
+      - HealthChecks-UI__HealthChecks__2__Uri=http://webshoppingagg/hc
+      - HealthChecks-UI__HealthChecks__3__Name=Mobile Shopping Aggregator HTTP Check
+      - HealthChecks-UI__HealthChecks__3__Uri=http://mobileshoppingagg/hc
+      - HealthChecks-UI__HealthChecks__4__Name=Mobile Shopping API GW HTTP Check
+      - HealthChecks-UI__HealthChecks__4__Uri=http://mobileshoppingapigw/hc
+      - HealthChecks-UI__HealthChecks__5__Name=Mobile Marketing API GW HTTP Check
+      - HealthChecks-UI__HealthChecks__5__Uri=http://mobilemarketingapigw/hc
+      - HealthChecks-UI__HealthChecks__6__Name=Web Shopping API GW HTTP Check
+      - HealthChecks-UI__HealthChecks__6__Uri=http://webshoppingapigw/hc
+      - HealthChecks-UI__HealthChecks__7__Name=Web Marketing API GW HTTP Check
+      - HealthChecks-UI__HealthChecks__7__Uri=http://webmarketingapigw/hc
+      - HealthChecks-UI__HealthChecks__8__Name=Ordering HTTP Check
+      - HealthChecks-UI__HealthChecks__8__Uri=http://ordering.api/hc
+      - HealthChecks-UI__HealthChecks__9__Name=Ordering HTTP Background Check
+      - HealthChecks-UI__HealthChecks__9__Uri=http://ordering.backgroundtasks/hc
+      - HealthChecks-UI__HealthChecks__10__Name=Basket HTTP Check
+      - HealthChecks-UI__HealthChecks__10__Uri=http://basket.api/hc
+      - HealthChecks-UI__HealthChecks__11__Name=Catalog HTTP Check
+      - HealthChecks-UI__HealthChecks__11__Uri=http://catalog.api/hc
+      - HealthChecks-UI__HealthChecks__12__Name=Identity HTTP Check
+      - HealthChecks-UI__HealthChecks__12__Uri=http://identity.api/hc
+      - HealthChecks-UI__HealthChecks__13__Name=Marketing HTTP Check
+      - HealthChecks-UI__HealthChecks__13__Uri=http://marketing.api/hc
+      - HealthChecks-UI__HealthChecks__14__Name=Locations HTTP Check
+      - HealthChecks-UI__HealthChecks__14__Uri=http://locations.api/hc
+      - HealthChecks-UI__HealthChecks__15__Name=Payments HTTP Check
+      - HealthChecks-UI__HealthChecks__15__Uri=http://payment.api/hc
+      - HealthChecks-UI__HealthChecks__16__Name=Ordering SignalRHub HTTP Check
+      - HealthChecks-UI__HealthChecks__16__Uri=http://ordering.signalrhub/hc      
       - OrderingBackgroundTasksUrl=http://ordering.backgroundtasks/hc
       - ApplicationInsights__InstrumentationKey=${INSTRUMENTATION_KEY}
       - OrchestratorType=${ORCHESTRATOR_TYPE}

src/Services/Identity/Identity.API/Controllers/AccountController.cs

@@ -15,6 +15,7 @@ using Microsoft.AspNetCore.Mvc;
 using Microsoft.eShopOnContainers.Services.Identity.API.Models;
 using Microsoft.eShopOnContainers.Services.Identity.API.Models.AccountViewModels;
 using Microsoft.eShopOnContainers.Services.Identity.API.Services;
+using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.Logging;
 
 namespace Microsoft.eShopOnContainers.Services.Identity.API.Controllers
@@ -32,6 +33,7 @@ namespace Microsoft.eShopOnContainers.Services.Identity.API.Controllers
         private readonly IClientStore _clientStore;
         private readonly ILogger<AccountController> _logger;
         private readonly UserManager<ApplicationUser> _userManager;
+        private readonly IConfiguration _configuration;
 
         public AccountController(
 
@@ -40,13 +42,15 @@ namespace Microsoft.eShopOnContainers.Services.Identity.API.Controllers
             IIdentityServerInteractionService interaction,
             IClientStore clientStore,
             ILogger<AccountController> logger,
-            UserManager<ApplicationUser> userManager)
+            UserManager<ApplicationUser> userManager,
+            IConfiguration configuration)
         {
             _loginService = loginService;
             _interaction = interaction;
             _clientStore = clientStore;
             _logger = logger;
             _userManager = userManager;
+            _configuration = configuration;
         }
 
         /// <summary>
@@ -81,20 +85,21 @@ namespace Microsoft.eShopOnContainers.Services.Identity.API.Controllers
 
                 if (await _loginService.ValidateCredentials(user, model.Password))
                 {
+                    var tokenLifetime = _configuration.GetValue("TokenLifetimeMinutes", 120);
+
                     var props = new AuthenticationProperties
                     {
-                        ExpiresUtc = DateTimeOffset.UtcNow.AddHours(2),
+                        ExpiresUtc = DateTimeOffset.UtcNow.AddMinutes(tokenLifetime),
                         AllowRefresh = true,
                         RedirectUri = model.ReturnUrl
                     };
 
                     if (model.RememberMe)
                     {
-                        props = new AuthenticationProperties
-                        {
-                            IsPersistent = true,
-                            ExpiresUtc = DateTimeOffset.UtcNow.AddYears(10)
-                        };
+                        var permanentTokenLifetime = _configuration.GetValue("PermanentTokenLifetimeDays", 365);
+
+                        props.ExpiresUtc = DateTimeOffset.UtcNow.AddDays(permanentTokenLifetime);
+                        props.IsPersistent = true;
                     };
 
                     await _loginService.SignInAsync(user, props);

src/Services/Identity/Identity.API/appsettings.json

@@ -25,5 +25,7 @@
     "Name": "eshop",
     "ClientId": "your-clien-id",
     "ClientSecret": "your-client-secret"
-  }
+  },
+  "TokenLifetimeMinutes": 120,
+  "PermanentTokenLifetimeDays": 365
 }

src/Web/WebMVC/Controllers/AccountController.cs

@@ -6,19 +6,29 @@ using System.Threading.Tasks;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.OpenIdConnect;
 using Microsoft.AspNetCore.Authentication.Cookies;
+using Microsoft.Extensions.Logging;
+using System;
 
 namespace Microsoft.eShopOnContainers.WebMVC.Controllers
 {
     [Authorize]
     public class AccountController : Controller
     {
+        private readonly ILogger<AccountController> _logger;
+
+        public AccountController(ILogger<AccountController> logger)
+        {
+            _logger = logger ?? throw new ArgumentNullException(nameof(logger));
+        }
+
         [Authorize]
         public async Task<IActionResult> SignIn(string returnUrl)
         {
             var user = User as ClaimsPrincipal;
-
             var token = await HttpContext.GetTokenAsync("access_token");
 
+            _logger.LogInformation("----- User {@User} authenticated into {AppName}", user, Program.AppName);
+
             if (token != null)
             {
                 ViewData["access_token"] = token;

src/Web/WebMVC/Startup.cs

@@ -238,6 +238,7 @@ namespace Microsoft.eShopOnContainers.WebMVC
             var useLoadTest = configuration.GetValue<bool>("UseLoadTest");
             var identityUrl = configuration.GetValue<string>("IdentityUrl");
             var callBackUrl = configuration.GetValue<string>("CallBackUrl");
+            var sessionCookieLifetime = configuration.GetValue("SessionCookieLifetimeMinutes", 60);
 
             // Add Authentication services          
 
@@ -246,7 +247,7 @@ namespace Microsoft.eShopOnContainers.WebMVC
                 options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                 options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
             })
-            .AddCookie(setup=>setup.ExpireTimeSpan = TimeSpan.FromHours(2))
+            .AddCookie(setup=>setup.ExpireTimeSpan = TimeSpan.FromMinutes(sessionCookieLifetime))
             .AddOpenIdConnect(options =>
             {
                 options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;

src/Web/WebMVC/appsettings.json

@@ -27,5 +27,6 @@
     "InstrumentationKey": ""
   },
   "HttpClientRetryCount": 8,
-  "HttpClientExceptionsAllowedBeforeBreaking": 7
-}
+  "HttpClientExceptionsAllowedBeforeBreaking": 7,
+  "SessionCookieLifetimeMinutes": 60
+}