ayan.poddar/eShopOnContainers
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #1028 from dotnet-architecture/enhancement/make-token-and-session-cookie-expiry-times-configurable

Browse Source 
Make token and session cookie expiry times configurable
This commit is contained in:
Miguel Veloso 2019-05-07 09:02:16 +01:00 committed by GitHub
commit ec0c15ac84
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 65 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

68
docker-compose.override.yml
View File

@ -326,40 +326,40 @@ services:
environment:
- ASPNETCORE_ENVIRONMENT=Production
- ASPNETCORE_URLS=http://0.0.0.0:80
- HealthChecks-UI__HealthChecks__1__Name=WebMVC HTTP Check
- HealthChecks-UI__HealthChecks__1__Uri=http://webmvc/hc
- HealthChecks-UI__HealthChecks__2__Name=WebSPA HTTP Check
- HealthChecks-UI__HealthChecks__2__Uri=http://webspa/hc
- HealthChecks-UI__HealthChecks__3__Name=Web Shopping Aggregator GW HTTP Check
- HealthChecks-UI__HealthChecks__3__Uri=http://webshoppingagg/hc
- HealthChecks-UI__HealthChecks__4__Name=Mobile Shopping Aggregator HTTP Check
- HealthChecks-UI__HealthChecks__4__Uri=http://mobileshoppingagg/hc
- HealthChecks-UI__HealthChecks__5__Name=Mobile Shopping API GW HTTP Check
- HealthChecks-UI__HealthChecks__5__Uri=http://mobileshoppingapigw/hc
- HealthChecks-UI__HealthChecks__6__Name=Mobile Marketing API GW HTTP Check
- HealthChecks-UI__HealthChecks__6__Uri=http://mobilemarketingapigw/hc
- HealthChecks-UI__HealthChecks__7__Name=Web Shopping API GW HTTP Check
- HealthChecks-UI__HealthChecks__7__Uri=http://webshoppingapigw/hc
- HealthChecks-UI__HealthChecks__8__Name=Web Marketing API GW HTTP Check
- HealthChecks-UI__HealthChecks__8__Uri=http://webmarketingapigw/hc
- HealthChecks-UI__HealthChecks__9__Name=Ordering HTTP Check
- HealthChecks-UI__HealthChecks__9__Uri=http://ordering.api/hc
- HealthChecks-UI__HealthChecks__10__Name=Ordering HTTP Background Check
- HealthChecks-UI__HealthChecks__10__Uri=http://ordering.backgroundtasks/hc
- HealthChecks-UI__HealthChecks__11__Name=Basket HTTP Check
- HealthChecks-UI__HealthChecks__11__Uri=http://basket.api/hc
- HealthChecks-UI__HealthChecks__12__Name=Catalog HTTP Check
- HealthChecks-UI__HealthChecks__12__Uri=http://catalog.api/hc
- HealthChecks-UI__HealthChecks__13__Name=Identity HTTP Check
- HealthChecks-UI__HealthChecks__13__Uri=http://identity.api/hc
- HealthChecks-UI__HealthChecks__14__Name=Marketing HTTP Check
- HealthChecks-UI__HealthChecks__14__Uri=http://marketing.api/hc
- HealthChecks-UI__HealthChecks__15__Name=Locations HTTP Check
- HealthChecks-UI__HealthChecks__15__Uri=http://locations.api/hc
- HealthChecks-UI__HealthChecks__16__Name=Payments HTTP Check
- HealthChecks-UI__HealthChecks__16__Uri=http://payment.api/hc
- HealthChecks-UI__HealthChecks__17__Name=Ordering SignalRHub HTTP Check
- HealthChecks-UI__HealthChecks__17__Uri=http://ordering.signalrhub/hc
- HealthChecks-UI__HealthChecks__0__Name=WebMVC HTTP Check
- HealthChecks-UI__HealthChecks__0__Uri=http://webmvc/hc
- HealthChecks-UI__HealthChecks__1__Name=WebSPA HTTP Check
- HealthChecks-UI__HealthChecks__1__Uri=http://webspa/hc
- HealthChecks-UI__HealthChecks__2__Name=Web Shopping Aggregator GW HTTP Check
- HealthChecks-UI__HealthChecks__2__Uri=http://webshoppingagg/hc
- HealthChecks-UI__HealthChecks__3__Name=Mobile Shopping Aggregator HTTP Check
- HealthChecks-UI__HealthChecks__3__Uri=http://mobileshoppingagg/hc
- HealthChecks-UI__HealthChecks__4__Name=Mobile Shopping API GW HTTP Check
- HealthChecks-UI__HealthChecks__4__Uri=http://mobileshoppingapigw/hc
- HealthChecks-UI__HealthChecks__5__Name=Mobile Marketing API GW HTTP Check
- HealthChecks-UI__HealthChecks__5__Uri=http://mobilemarketingapigw/hc
- HealthChecks-UI__HealthChecks__6__Name=Web Shopping API GW HTTP Check
- HealthChecks-UI__HealthChecks__6__Uri=http://webshoppingapigw/hc
- HealthChecks-UI__HealthChecks__7__Name=Web Marketing API GW HTTP Check
- HealthChecks-UI__HealthChecks__7__Uri=http://webmarketingapigw/hc
- HealthChecks-UI__HealthChecks__8__Name=Ordering HTTP Check
- HealthChecks-UI__HealthChecks__8__Uri=http://ordering.api/hc
- HealthChecks-UI__HealthChecks__9__Name=Ordering HTTP Background Check
- HealthChecks-UI__HealthChecks__9__Uri=http://ordering.backgroundtasks/hc
- HealthChecks-UI__HealthChecks__10__Name=Basket HTTP Check
- HealthChecks-UI__HealthChecks__10__Uri=http://basket.api/hc
- HealthChecks-UI__HealthChecks__11__Name=Catalog HTTP Check
- HealthChecks-UI__HealthChecks__11__Uri=http://catalog.api/hc
- HealthChecks-UI__HealthChecks__12__Name=Identity HTTP Check
- HealthChecks-UI__HealthChecks__12__Uri=http://identity.api/hc
- HealthChecks-UI__HealthChecks__13__Name=Marketing HTTP Check
- HealthChecks-UI__HealthChecks__13__Uri=http://marketing.api/hc
- HealthChecks-UI__HealthChecks__14__Name=Locations HTTP Check
- HealthChecks-UI__HealthChecks__14__Uri=http://locations.api/hc
- HealthChecks-UI__HealthChecks__15__Name=Payments HTTP Check
- HealthChecks-UI__HealthChecks__15__Uri=http://payment.api/hc
- HealthChecks-UI__HealthChecks__16__Name=Ordering SignalRHub HTTP Check
- HealthChecks-UI__HealthChecks__16__Uri=http://ordering.signalrhub/hc
- OrderingBackgroundTasksUrl=http://ordering.backgroundtasks/hc
- ApplicationInsights__InstrumentationKey=${INSTRUMENTATION_KEY}
- OrchestratorType=${ORCHESTRATOR_TYPE}

19
src/Services/Identity/Identity.API/Controllers/AccountController.cs
View File

@ -15,6 +15,7 @@ using Microsoft.AspNetCore.Mvc;
using Microsoft.eShopOnContainers.Services.Identity.API.Models;
using Microsoft.eShopOnContainers.Services.Identity.API.Models.AccountViewModels;
using Microsoft.eShopOnContainers.Services.Identity.API.Services;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.Logging;
namespace Microsoft.eShopOnContainers.Services.Identity.API.Controllers
@ -32,6 +33,7 @@ namespace Microsoft.eShopOnContainers.Services.Identity.API.Controllers
private readonly IClientStore _clientStore;
private readonly ILogger<AccountController> _logger;
private readonly UserManager<ApplicationUser> _userManager;
private readonly IConfiguration _configuration;
public AccountController(
@ -40,13 +42,15 @@ namespace Microsoft.eShopOnContainers.Services.Identity.API.Controllers
IIdentityServerInteractionService interaction,
IClientStore clientStore,
ILogger<AccountController> logger,
UserManager<ApplicationUser> userManager)
UserManager<ApplicationUser> userManager,
IConfiguration configuration)
{
_loginService = loginService;
_interaction = interaction;
_clientStore = clientStore;
_logger = logger;
_userManager = userManager;
_configuration = configuration;
}
/// <summary>
@ -81,20 +85,21 @@ namespace Microsoft.eShopOnContainers.Services.Identity.API.Controllers
if (await _loginService.ValidateCredentials(user, model.Password))
{
var tokenLifetime = _configuration.GetValue("TokenLifetimeMinutes", 120);
var props = new AuthenticationProperties
{
ExpiresUtc = DateTimeOffset.UtcNow.AddHours(2),
ExpiresUtc = DateTimeOffset.UtcNow.AddMinutes(tokenLifetime),
AllowRefresh = true,
RedirectUri = model.ReturnUrl
};
if (model.RememberMe)
{
props = new AuthenticationProperties
{
IsPersistent = true,
ExpiresUtc = DateTimeOffset.UtcNow.AddYears(10)
};
var permanentTokenLifetime = _configuration.GetValue("PermanentTokenLifetimeDays", 365);
props.ExpiresUtc = DateTimeOffset.UtcNow.AddDays(permanentTokenLifetime);
props.IsPersistent = true;
};
await _loginService.SignInAsync(user, props);

4
src/Services/Identity/Identity.API/appsettings.json
View File

@ -25,5 +25,7 @@
"Name": "eshop",
"ClientId": "your-clien-id",
"ClientSecret": "your-client-secret"
}
},
"TokenLifetimeMinutes": 120,
"PermanentTokenLifetimeDays": 365
}

12
src/Web/WebMVC/Controllers/AccountController.cs
View File

@ -6,19 +6,29 @@ using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.Extensions.Logging;
using System;
namespace Microsoft.eShopOnContainers.WebMVC.Controllers
{
[Authorize]
public class AccountController : Controller
{
private readonly ILogger<AccountController> _logger;
public AccountController(ILogger<AccountController> logger)
{
_logger = logger ?? throw new ArgumentNullException(nameof(logger));
}
[Authorize]
public async Task<IActionResult> SignIn(string returnUrl)
{
var user = User as ClaimsPrincipal;
var token = await HttpContext.GetTokenAsync("access_token");
_logger.LogInformation("----- User {@User} authenticated into {AppName}", user, Program.AppName);
if (token != null)
{
ViewData["access_token"] = token;

3
src/Web/WebMVC/Startup.cs
View File

@ -238,6 +238,7 @@ namespace Microsoft.eShopOnContainers.WebMVC
var useLoadTest = configuration.GetValue<bool>("UseLoadTest");
var identityUrl = configuration.GetValue<string>("IdentityUrl");
var callBackUrl = configuration.GetValue<string>("CallBackUrl");
var sessionCookieLifetime = configuration.GetValue("SessionCookieLifetimeMinutes", 60);
// Add Authentication services
@ -246,7 +247,7 @@ namespace Microsoft.eShopOnContainers.WebMVC
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddCookie(setup=>setup.ExpireTimeSpan = TimeSpan.FromHours(2))
.AddCookie(setup=>setup.ExpireTimeSpan = TimeSpan.FromMinutes(sessionCookieLifetime))
.AddOpenIdConnect(options =>
{
options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;

5
src/Web/WebMVC/appsettings.json
View File

@ -27,5 +27,6 @@
"InstrumentationKey": ""
},
"HttpClientRetryCount": 8,
"HttpClientExceptionsAllowedBeforeBreaking": 7
}
"HttpClientExceptionsAllowedBeforeBreaking": 7,
"SessionCookieLifetimeMinutes": 60
}