我希望能更好地理解.NET的Identity OnValidateIdentity方法是如何工作的。我已经在我的应用程序中设置了以下代码:
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
CookieName = "LoginCookie",
ExpireTimeSpan = TimeSpan.FromHours(1),
Provider = new CookieAuthenticationProvider
{
// Enables the application to validate the security stamp when the user logs in.
// This is a security feature which is used when you change a password or add an external login to your account.
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
validateInterval: TimeSpan.FromHours(1),
regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
}
});
这里的OnValidateIdentity有一个检查角色,用于检查用户访问我的网站时cookie的年龄是否比我在此处设置的cookie的年龄(即1小时)更老 - 如果是,则强制用户重新登录应用程序。这就是它确切的工作方式吗?
Microsoft.AspNet.Identity.Owin.SecurityStampValidator
。 - JHBonarius