ayan.poddar/eShopOnContainers
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #1028 from dotnet-architecture/enhancement/make-token-and-session-cookie-expiry-times-configurable

Browse Source 
Make token and session cookie expiry times configurable
This commit is contained in:
Miguel Veloso 2019-05-07 09:02:16 +01:00 committed by GitHub
commit ec0c15ac84
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 65 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

68
docker-compose.override.yml
View File

@ -326,40 +326,40 @@ services:
environment: environment:
- ASPNETCORE_ENVIRONMENT=Production - ASPNETCORE_ENVIRONMENT=Production
- ASPNETCORE_URLS=http://0.0.0.0:80 - ASPNETCORE_URLS=http://0.0.0.0:80
- HealthChecks-UI__HealthChecks__1__Name=WebMVC HTTP Check - HealthChecks-UI__HealthChecks__0__Name=WebMVC HTTP Check
- HealthChecks-UI__HealthChecks__1__Uri=http://webmvc/hc - HealthChecks-UI__HealthChecks__0__Uri=http://webmvc/hc
- HealthChecks-UI__HealthChecks__2__Name=WebSPA HTTP Check - HealthChecks-UI__HealthChecks__1__Name=WebSPA HTTP Check
- HealthChecks-UI__HealthChecks__2__Uri=http://webspa/hc - HealthChecks-UI__HealthChecks__1__Uri=http://webspa/hc
- HealthChecks-UI__HealthChecks__3__Name=Web Shopping Aggregator GW HTTP Check - HealthChecks-UI__HealthChecks__2__Name=Web Shopping Aggregator GW HTTP Check
- HealthChecks-UI__HealthChecks__3__Uri=http://webshoppingagg/hc - HealthChecks-UI__HealthChecks__2__Uri=http://webshoppingagg/hc
- HealthChecks-UI__HealthChecks__4__Name=Mobile Shopping Aggregator HTTP Check - HealthChecks-UI__HealthChecks__3__Name=Mobile Shopping Aggregator HTTP Check
- HealthChecks-UI__HealthChecks__4__Uri=http://mobileshoppingagg/hc - HealthChecks-UI__HealthChecks__3__Uri=http://mobileshoppingagg/hc
- HealthChecks-UI__HealthChecks__5__Name=Mobile Shopping API GW HTTP Check - HealthChecks-UI__HealthChecks__4__Name=Mobile Shopping API GW HTTP Check
- HealthChecks-UI__HealthChecks__5__Uri=http://mobileshoppingapigw/hc - HealthChecks-UI__HealthChecks__4__Uri=http://mobileshoppingapigw/hc
- HealthChecks-UI__HealthChecks__6__Name=Mobile Marketing API GW HTTP Check - HealthChecks-UI__HealthChecks__5__Name=Mobile Marketing API GW HTTP Check
- HealthChecks-UI__HealthChecks__6__Uri=http://mobilemarketingapigw/hc - HealthChecks-UI__HealthChecks__5__Uri=http://mobilemarketingapigw/hc
- HealthChecks-UI__HealthChecks__7__Name=Web Shopping API GW HTTP Check - HealthChecks-UI__HealthChecks__6__Name=Web Shopping API GW HTTP Check
- HealthChecks-UI__HealthChecks__7__Uri=http://webshoppingapigw/hc - HealthChecks-UI__HealthChecks__6__Uri=http://webshoppingapigw/hc
- HealthChecks-UI__HealthChecks__8__Name=Web Marketing API GW HTTP Check - HealthChecks-UI__HealthChecks__7__Name=Web Marketing API GW HTTP Check
- HealthChecks-UI__HealthChecks__8__Uri=http://webmarketingapigw/hc - HealthChecks-UI__HealthChecks__7__Uri=http://webmarketingapigw/hc
- HealthChecks-UI__HealthChecks__9__Name=Ordering HTTP Check - HealthChecks-UI__HealthChecks__8__Name=Ordering HTTP Check
- HealthChecks-UI__HealthChecks__9__Uri=http://ordering.api/hc - HealthChecks-UI__HealthChecks__8__Uri=http://ordering.api/hc
- HealthChecks-UI__HealthChecks__10__Name=Ordering HTTP Background Check - HealthChecks-UI__HealthChecks__9__Name=Ordering HTTP Background Check
- HealthChecks-UI__HealthChecks__10__Uri=http://ordering.backgroundtasks/hc - HealthChecks-UI__HealthChecks__9__Uri=http://ordering.backgroundtasks/hc
- HealthChecks-UI__HealthChecks__11__Name=Basket HTTP Check - HealthChecks-UI__HealthChecks__10__Name=Basket HTTP Check
- HealthChecks-UI__HealthChecks__11__Uri=http://basket.api/hc - HealthChecks-UI__HealthChecks__10__Uri=http://basket.api/hc
- HealthChecks-UI__HealthChecks__12__Name=Catalog HTTP Check - HealthChecks-UI__HealthChecks__11__Name=Catalog HTTP Check
- HealthChecks-UI__HealthChecks__12__Uri=http://catalog.api/hc - HealthChecks-UI__HealthChecks__11__Uri=http://catalog.api/hc
- HealthChecks-UI__HealthChecks__13__Name=Identity HTTP Check - HealthChecks-UI__HealthChecks__12__Name=Identity HTTP Check
- HealthChecks-UI__HealthChecks__13__Uri=http://identity.api/hc - HealthChecks-UI__HealthChecks__12__Uri=http://identity.api/hc
- HealthChecks-UI__HealthChecks__14__Name=Marketing HTTP Check - HealthChecks-UI__HealthChecks__13__Name=Marketing HTTP Check
- HealthChecks-UI__HealthChecks__14__Uri=http://marketing.api/hc - HealthChecks-UI__HealthChecks__13__Uri=http://marketing.api/hc
- HealthChecks-UI__HealthChecks__15__Name=Locations HTTP Check - HealthChecks-UI__HealthChecks__14__Name=Locations HTTP Check
- HealthChecks-UI__HealthChecks__15__Uri=http://locations.api/hc - HealthChecks-UI__HealthChecks__14__Uri=http://locations.api/hc
- HealthChecks-UI__HealthChecks__16__Name=Payments HTTP Check - HealthChecks-UI__HealthChecks__15__Name=Payments HTTP Check
- HealthChecks-UI__HealthChecks__16__Uri=http://payment.api/hc - HealthChecks-UI__HealthChecks__15__Uri=http://payment.api/hc
- HealthChecks-UI__HealthChecks__17__Name=Ordering SignalRHub HTTP Check - HealthChecks-UI__HealthChecks__16__Name=Ordering SignalRHub HTTP Check
- HealthChecks-UI__HealthChecks__17__Uri=http://ordering.signalrhub/hc - HealthChecks-UI__HealthChecks__16__Uri=http://ordering.signalrhub/hc
- OrderingBackgroundTasksUrl=http://ordering.backgroundtasks/hc - OrderingBackgroundTasksUrl=http://ordering.backgroundtasks/hc
- ApplicationInsights__InstrumentationKey=${INSTRUMENTATION_KEY} - ApplicationInsights__InstrumentationKey=${INSTRUMENTATION_KEY}
- OrchestratorType=${ORCHESTRATOR_TYPE} - OrchestratorType=${ORCHESTRATOR_TYPE}

19
src/Services/Identity/Identity.API/Controllers/AccountController.cs
View File

@ -15,6 +15,7 @@ using Microsoft.AspNetCore.Mvc;
using Microsoft.eShopOnContainers.Services.Identity.API.Models; using Microsoft.eShopOnContainers.Services.Identity.API.Models;
using Microsoft.eShopOnContainers.Services.Identity.API.Models.AccountViewModels; using Microsoft.eShopOnContainers.Services.Identity.API.Models.AccountViewModels;
using Microsoft.eShopOnContainers.Services.Identity.API.Services; using Microsoft.eShopOnContainers.Services.Identity.API.Services;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.Logging; using Microsoft.Extensions.Logging;
namespace Microsoft.eShopOnContainers.Services.Identity.API.Controllers namespace Microsoft.eShopOnContainers.Services.Identity.API.Controllers
@ -32,6 +33,7 @@ namespace Microsoft.eShopOnContainers.Services.Identity.API.Controllers
private readonly IClientStore _clientStore; private readonly IClientStore _clientStore;
private readonly ILogger<AccountController> _logger; private readonly ILogger<AccountController> _logger;
private readonly UserManager<ApplicationUser> _userManager; private readonly UserManager<ApplicationUser> _userManager;
private readonly IConfiguration _configuration;
public AccountController( public AccountController(
@ -40,13 +42,15 @@ namespace Microsoft.eShopOnContainers.Services.Identity.API.Controllers
IIdentityServerInteractionService interaction, IIdentityServerInteractionService interaction,
IClientStore clientStore, IClientStore clientStore,
ILogger<AccountController> logger, ILogger<AccountController> logger,
UserManager<ApplicationUser> userManager) UserManager<ApplicationUser> userManager,
IConfiguration configuration)
{ {
_loginService = loginService; _loginService = loginService;
_interaction = interaction; _interaction = interaction;
_clientStore = clientStore; _clientStore = clientStore;
_logger = logger; _logger = logger;
_userManager = userManager; _userManager = userManager;
_configuration = configuration;
} }
/// <summary> /// <summary>
@ -81,20 +85,21 @@ namespace Microsoft.eShopOnContainers.Services.Identity.API.Controllers
if (await _loginService.ValidateCredentials(user, model.Password)) if (await _loginService.ValidateCredentials(user, model.Password))
{ {
var tokenLifetime = _configuration.GetValue("TokenLifetimeMinutes", 120);
var props = new AuthenticationProperties var props = new AuthenticationProperties
{ {
ExpiresUtc = DateTimeOffset.UtcNow.AddHours(2), ExpiresUtc = DateTimeOffset.UtcNow.AddMinutes(tokenLifetime),
AllowRefresh = true, AllowRefresh = true,
RedirectUri = model.ReturnUrl RedirectUri = model.ReturnUrl
}; };
if (model.RememberMe) if (model.RememberMe)
{ {
props = new AuthenticationProperties var permanentTokenLifetime = _configuration.GetValue("PermanentTokenLifetimeDays", 365);
{
IsPersistent = true, props.ExpiresUtc = DateTimeOffset.UtcNow.AddDays(permanentTokenLifetime);
ExpiresUtc = DateTimeOffset.UtcNow.AddYears(10) props.IsPersistent = true;
};
}; };
await _loginService.SignInAsync(user, props); await _loginService.SignInAsync(user, props);

4
src/Services/Identity/Identity.API/appsettings.json
View File

@ -25,5 +25,7 @@
"Name": "eshop", "Name": "eshop",
"ClientId": "your-clien-id", "ClientId": "your-clien-id",
"ClientSecret": "your-client-secret" "ClientSecret": "your-client-secret"
} },
"TokenLifetimeMinutes": 120,
"PermanentTokenLifetimeDays": 365
} }

12
src/Web/WebMVC/Controllers/AccountController.cs
View File

@ -6,19 +6,29 @@ using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication; using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.OpenIdConnect; using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Authentication.Cookies; using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.Extensions.Logging;
using System;
namespace Microsoft.eShopOnContainers.WebMVC.Controllers namespace Microsoft.eShopOnContainers.WebMVC.Controllers
{ {
[Authorize] [Authorize]
public class AccountController : Controller public class AccountController : Controller
{ {
private readonly ILogger<AccountController> _logger;
public AccountController(ILogger<AccountController> logger)
{
_logger = logger ?? throw new ArgumentNullException(nameof(logger));
}
[Authorize] [Authorize]
public async Task<IActionResult> SignIn(string returnUrl) public async Task<IActionResult> SignIn(string returnUrl)
{ {
var user = User as ClaimsPrincipal; var user = User as ClaimsPrincipal;
var token = await HttpContext.GetTokenAsync("access_token"); var token = await HttpContext.GetTokenAsync("access_token");
_logger.LogInformation("----- User {@User} authenticated into {AppName}", user, Program.AppName);
if (token != null) if (token != null)
{ {
ViewData["access_token"] = token; ViewData["access_token"] = token;

3
src/Web/WebMVC/Startup.cs
View File

@ -238,6 +238,7 @@ namespace Microsoft.eShopOnContainers.WebMVC
var useLoadTest = configuration.GetValue<bool>("UseLoadTest"); var useLoadTest = configuration.GetValue<bool>("UseLoadTest");
var identityUrl = configuration.GetValue<string>("IdentityUrl"); var identityUrl = configuration.GetValue<string>("IdentityUrl");
var callBackUrl = configuration.GetValue<string>("CallBackUrl"); var callBackUrl = configuration.GetValue<string>("CallBackUrl");
var sessionCookieLifetime = configuration.GetValue("SessionCookieLifetimeMinutes", 60);
// Add Authentication services // Add Authentication services
@ -246,7 +247,7 @@ namespace Microsoft.eShopOnContainers.WebMVC
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme; options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme; options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
}) })
.AddCookie(setup=>setup.ExpireTimeSpan = TimeSpan.FromHours(2)) .AddCookie(setup=>setup.ExpireTimeSpan = TimeSpan.FromMinutes(sessionCookieLifetime))
.AddOpenIdConnect(options => .AddOpenIdConnect(options =>
{ {
options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme; options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;

3
src/Web/WebMVC/appsettings.json
View File

@ -27,5 +27,6 @@
"InstrumentationKey": "" "InstrumentationKey": ""
}, },
"HttpClientRetryCount": 8, "HttpClientRetryCount": 8,
"HttpClientExceptionsAllowedBeforeBreaking": 7 "HttpClientExceptionsAllowedBeforeBreaking": 7,
"SessionCookieLifetimeMinutes": 60
} }