ASP.NET Identity Logs out on Server but not Locally

  • Question

  • User-1655763558 posted

    I have an MVC 5 web application that uses ASP.NET Identity with individual user accounts.  Usually I am able to use this infrastructure without making any changes to successfully authenticate users and control application access.  In this case, however, I consistently get blocked from accessing private methods on my staging environment (which is live on the internet) yet I never get logged out or denied access on my local server.   I've tried setting the Cookie ValidateInterval and Expire TimeSpan to 10 days each but it makes no difference.  I can log in to the site and usually load 1 or 2 views before I get logged out and redirected to login.  I am just using [Authorize] on all of my own controllers.  I can't figure out why this works locally but not live and would appreciate any help.  Thanks.

    Monday, October 8, 2018 3:35 PM

All replies

  • User475983607 posted

    Is there any way you can post code that reproduces this issue?  Without the code there is not much we can do but guess.

    Monday, October 8, 2018 3:41 PM
  • User-1655763558 posted

    Here is the top of one of the 3 controllers that requires authentication.  I can provide more code if that helps.  The AccountController is unchanged from what the Individual User Accounts Authentication option generates at project startup.

    using System.Collections.Generic;
    using System.Linq;
    using System.Web.Mvc;

    namespace Exit.Controllers
    {
        // [Authorize] on the class requires an authenticated user for every action.
        [Authorize]
        public class ListingsController : Controller
        {
            private ExitModel db = new ExitModel();

            // GET: Listings
            // filter: "all", "archive" (inactive only) or anything else (active only)
            public ActionResult Index(string filter)
            {
                var listings = new List<Listing>();

                switch (filter)
                {
                    case "all":
                        listings = db.Listings.ToList();
                        ViewBag.Filter = "all";
                        break;
                    case "archive":
                        listings = db.Listings.Where(a => a.Active == false).ToList();
                        ViewBag.Filter = "archive";
                        break;
                    default:
                        listings = db.Listings.Where(a => a.Active == true).ToList();
                        ViewBag.Filter = "active";
                        break;
                }

                //db.Listings.Include(l => l.Agent);
                return View(listings);
            }

            // (rest of the controller not shown in the post)
        }
    }

    ConfigureAuth method in Startup.Auth.cs:  (Most of this is the boilerplate code.  When it kept logging me out I tried increasing the Validate Interval and I added the Expiry Time Span, to no avail.)

    public void ConfigureAuth(IAppBuilder app)
    {
        // Configure the db context, user manager and signin manager to use a single instance per request
        app.CreatePerOwinContext(ApplicationDbContext.Create);
        app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
        app.CreatePerOwinContext<ApplicationSignInManager>(ApplicationSignInManager.Create);

        // Enable the application to use a cookie to store information for the signed in user
        // and to use a cookie to temporarily store information about a user logging in with a third party login provider
        // Configure the sign in cookie
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Account/Login"),
            Provider = new CookieAuthenticationProvider
            {
                // Enables the application to validate the security stamp when the user logs in.
                // This is a security feature which is used when you change a password or add an external login to your account.
                OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                    validateInterval: TimeSpan.FromDays(10), //FromMinutes(30),
                    regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
            },
            ExpireTimeSpan = TimeSpan.FromDays(10)
        });

        CookieAuthenticationProvider cookieProvider = new CookieAuthenticationProvider();

        app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

        // Enables the application to temporarily store user information when they are verifying the second factor in the two-factor authentication process.
        app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(5));

        // Enables the application to remember the second login verification factor such as phone or email.
        // Once you check this option, your second step of verification during the login process will be remembered on the device where you logged in from.
        // This is similar to the RememberMe option when you log in.
        app.UseTwoFactorRememberBrowserCookie(DefaultAuthenticationTypes.TwoFactorRememberBrowserCookie);
    }

    Monday, October 8, 2018 3:46 PM
  • User475983607 posted

    I still don't understand what problem you are trying to solve. 

    My best guess is you are getting logged out unexpectedly?  This can happen when moving to a load balanced environment.  One of the applications is not able to decode the auth cookie due to using different machine keys.

    Monday, October 8, 2018 4:12 PM
  • User-1655763558 posted

    Yes, I am logged out unexpectedly on the server, but not on my local IIS Express.  The server is a traditional shared IIS environment (not a cloud service) so if there is load balancing on it I don't have access to it (that I know of).  How would I find this out or adjust needed settings?

    I can't be timing out as I am clicking through the various navigation links after logging in and within 5 to 10 requests I am logged back out.  I tried restarting the IIS app pool to see if that makes any difference but I get the same result unfortunately.

    Monday, October 8, 2018 5:38 PM
  • User-1655763558 posted

    This seemed to fix it: the machineKey solution here: https://stackoverflow.com/questions/36262443/users-log-out-very-quickly.

    Monday, October 8, 2018 6:27 PM
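
A simplified model of the failure diagnosed in this thread (servers with different machine keys) and of the machineKey fix, as an added example that is not part of the original posts: each server authenticates the auth cookie with an HMAC, and a cookie issued by one server is rejected by another unless both hold the same key. The `Node` class, the routing sequence and the HMAC-only cookie layout are assumptions for illustration, not ASP.NET's actual cookie format.

```python
import base64
import hashlib
import hmac
import json
import os

class Node:
    """One web server; `key` stands in for the machineKey validation key."""
    def __init__(self, name, key):
        self.name, self.key = name, key

    def _mac(self, payload):
        return hmac.new(self.key, payload, hashlib.sha256).digest()

    def issue_cookie(self, user):
        payload = json.dumps({"user": user}).encode()
        return base64.urlsafe_b64encode(payload + self._mac(payload)).decode()

    def validate_cookie(self, cookie):
        raw = base64.urlsafe_b64decode(cookie)
        payload, tag = raw[:-32], raw[-32:]          # SHA-256 tag is 32 bytes
        if not hmac.compare_digest(tag, self._mac(payload)):
            return None      # unverifiable cookie: user is treated as anonymous
        return json.loads(payload)["user"]

def first_rejected_request(login_node, routing):
    """Sign in on login_node, replay the cookie along `routing`; return
    (request number, node name) of the first rejection, or None."""
    cookie = login_node.issue_cookie("alice")
    for n, node in enumerate(routing, start=1):
        if node.validate_cookie(cookie) is None:
            return n, node.name
    return None

# Constructed scenario: two servers behind a balancer, requests routed 0,0,1,0.
ROUTING = [0, 0, 1, 0]

def run(keys):
    nodes = [Node("web1", keys[0]), Node("web2", keys[1])]
    return first_rejected_request(nodes[0], [nodes[i] for i in ROUTING])

def mismatched_keys():
    # Each server generated its own key: the third request lands on web2.
    return run([os.urandom(32), os.urandom(32)])

def pinned_key():
    # Same explicit key configured on every server: the cookie stays valid.
    shared = os.urandom(32)
    return run([shared, shared])

if __name__ == "__main__":
    print("auto-generated keys:", mismatched_keys())
    print("shared key:         ", pinned_key())
```

The rejection shows up only when a request reaches a server other than the one that issued the cookie, which matches a login that survives a few page loads before redirecting.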