SignalR ID and ASP.NET ExpireTimeSpan

I am using an ASP.NET cookie-based authentication identifier. I set ExpireTimeSpan in the CookieAuthenticationOptions class to control how long a user can be inactive before having to log in again.

This all works fine, but when I add SignalR to the application, the user no longer needs to log in after a period of inactivity. SignalR periodically makes a ping request, and I assume that this leads to an extension of the cookie.

I am looking for a way to not extend cookie expiration for SignalR URLs.

I reviewed some of the code in Microsoft.Owin.Security.Cookies and in particular the CookieAuthenticationHandler class. There is logic in the AuthenticateCoreAsync method to decide whether to update a cookie. However, the CookieAuthenticationHandler class is internal, so I cannot override this method.

Any ideas if there is a hook I can use for this?

+4
1 answer

We solved this at my company by removing the cookies from the SignalR response using an HttpModule.

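using System;
using System.Web;
using System.Web.Security;

public class NoFormsAuthenticationModule : IHttpModule
{
    public void Init(HttpApplication context)
    {
        // Runs just before the response headers are written to the client.
        context.PreSendRequestHeaders += OnPreSendRequestHeaders;
    }

    // Required by IHttpModule; this module holds no resources.
    public void Dispose()
    {
    }

    protected void OnPreSendRequestHeaders(object sender, EventArgs e)
    {
        var httpContext = ((HttpApplication)sender).Context;

        var path = httpContext.Request.Path;

        // Paths whose responses must not carry a renewed authentication cookie.
        var noAuthentUrls = new string[] { "/signalr/" };

        foreach (var url in noAuthentUrls)
        {
            var noAuthentication = path.IndexOf(url, StringComparison.OrdinalIgnoreCase) > -1;

            // Drop the forms authentication cookie from the outgoing response.
            if (noAuthentication)
                httpContext.Response.Cookies.Remove(FormsAuthentication.FormsCookieName);
        }
    }
}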

Hope this helps you.

Remember to add entries to web.config:

<system.web>
  <httpModules>
    <add name="NoFormsAuthenticationModule" type="Site.Components.HttpModules.NoFormsAuthenticationModule" />
  </httpModules>
</system.web>

<system.webServer>
  <modules runAllManagedModulesForAllRequests="true">
    <add name="NoFormsAuthenticationModule" type="Site.Components.HttpModules.NoFormsAuthenticationModule" />
  </modules>
</system.webServer>

...

0
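
Added example, not part of the original question or answer: with the OWIN cookie middleware the question describes, the same effect can be obtained through the public CookieAuthenticationOptions.CookieManager hook instead of an HttpModule. The class name PathFilteringCookieManager and the 20-minute timeout are assumptions made for illustration, and the sketch assumes Katana 3.0 or later, where that property exists.

```csharp
using System;
using Microsoft.Owin;
using Microsoft.Owin.Infrastructure;
using Microsoft.Owin.Security.Cookies;
using Owin;

// Hypothetical wrapper around the default cookie manager. It refuses to write
// the authentication cookie on responses to SignalR requests, so background
// pings cannot slide the expiration forward.
public class PathFilteringCookieManager : ICookieManager
{
    private static readonly PathString SignalRPath = new PathString("/signalr");
    private readonly ICookieManager _inner = new ChunkingCookieManager();

    public string GetRequestCookie(IOwinContext context, string key)
    {
        // Reading is unchanged: SignalR requests are still authenticated.
        return _inner.GetRequestCookie(context, key);
    }

    public void AppendResponseCookie(IOwinContext context, string key, string value, CookieOptions options)
    {
        // StartsWithSegments matches whole leading path segments, so only
        // /signalr and paths beneath it are excluded from renewal.
        if (context.Request.Path.StartsWithSegments(SignalRPath))
            return;
        _inner.AppendResponseCookie(context, key, value, options);
    }

    public void DeleteCookie(IOwinContext context, string key, CookieOptions options)
    {
        // Sign-out must always be able to clear the cookie.
        _inner.DeleteCookie(context, key, options);
    }
}

public partial class Startup
{
    public void ConfigureAuth(IAppBuilder app)
    {
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            ExpireTimeSpan = TimeSpan.FromMinutes(20), // constructed value
            SlidingExpiration = true,
            CookieManager = new PathFilteringCookieManager()
        });
    }
}
```

To check the result, watch the responses to /signalr requests after half of ExpireTimeSpan has elapsed: they should no longer contain a Set-Cookie header for the authentication cookie.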

Source: https://habr.com/ru/post/1535737/

