Can you configure OWIN cookie authentication to prevent certain URLs from affecting rolling expiration?

Question

Can you configure OWIN cookie authentication to prevent certain URLs from affecting rolling expiration?

We have an ASP.NET MVC 5 application using OWIN cookie expiration authentication. On the client, we have a script that checks the web service for notifications every minute. We would like this web service call not to force the expiration of the authentication token. Is there any way to do this?

I considered the possibility of implementing my own accelerated expiration method in the OnValidateIdentity handler, but setting ExpiresUtc in this method does not actually affect the expiration date.

app.UseCookieAuthentication(new CookieAuthenticationOptions { Provider = new CookieAuthenticationProvider { OnValidateIdentity = cookieValidateIdentityContext => { cookieValidateIdentityContext.Properties.ExpiresUtc = DateTime.UtcNow.AddMinutes(-1); return Task.FromResult(0); } }, AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie, AuthenticationMode = AuthenticationMode.Active, LoginPath = new PathString("/"), SlidingExpiration = false, LogoutPath = new PathString("/Sessions/Logout") });

Any help is appreciated!

+6

c # asp.net-mvc owin

John hann Mar 31 '15 at 18:23

source share

1 answer

Brannon · Answer 1 · 2015-11-17T06:02:42+0000

I have not tested this, but it should work theoretically:

 app.Use("/path1", app2 => app2.UseCookieAuthentication(...)); app.Use("/path2", app3 => app3.UseCookieAuthentication(...)); app.UseCookieAuthentication(...);

It is very important to streamline the Use call. The great thing about Owin is the ability to override any behavior on subfolders.

Can you configure OWIN cookie authentication to prevent certain URLs from affecting rolling expiration?

More articles: