How to use Asp.Net Identity to achieve this effect

Question

User-1580372550 posted

I would like to use Identity to achieve this effect: 30 minutes without the operation, authorization expired.

Thanks.

Answer 1

User-491950272 posted

I've never done such a demo practically, but I've some suggestions here are:

Use jQuery to listen to the Mouse Move (mousemove) event and make a form post open setting time as

var timeout = null;

$(document).on('mousemove', function() {
    clearTimeout(timeout);

    timeout = setTimeout(function() {
        $('#form').submit();
    }, 3000); // for example for 3 seconds of idle pointer.
});

And in the post action of the form, just use 

await _signInManager.SignOutAsync();

To get the user log out.

Answer 2

User614698185 posted

Hi yuweiyuan,

Identity already embeds expiry time in the cookie data and it is checked by OWIN.

To limit cookie life set ExpireTimeSpan to 30 min in ConfigureAuth method in Startup.Auth.cs:

app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
    LoginPath = new PathString("/Account/Login"),
    Provider = new CookieAuthenticationProvider
    {
        OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
            validateInterval: TimeSpan.FromMinutes(30),
            regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
    }
});

Best Regards,

Candice Zhou