I’m used the CredentialsAuthProvider method to login in, I want to close the browser, the user info logout or expired. how to set ?
Plugins.Add(new AuthFeature(() => new CustomUserSession(),
new IAuthProvider[]
{
new BasicAuthProvider(AppSettings) {PersistSession = true}, //Sign-in with Basic Auth
new CredentialsAuthProvider(AppSettings) {SkipPasswordVerificationForInProcessRequests = true, PersistSession =true},
The CredentialsAuthProvider is an auth service, using it with a browser is one option, but it isn’t inherently tied to a browser, be it open or closed. You would have to manage that behavior yourself. Eg, by using something like Window.close() with whatever logic you think is right for your use case. If you are trying to force a logout, you will need to get your client (browser) to call the /auth/logout endpoint as well to ensure the use is logged out.
thanks, If I set SessionExpiry , It will expired 10 seconds later even if busy, But I want a setting like the session IdleTimeOut, how to set the idletimeout in authprovider?
Plugins.Add(new AuthFeature(() => new CustomUserSession(),
new IAuthProvider[]
{
new BasicAuthProvider(AppSettings) {PersistSession = true}, //Sign-in with Basic Auth
new CredentialsAuthProvider(AppSettings) {SkipPasswordVerificationForInProcessRequests = true, PersistSession =true, SessionExpiry = TimeSpan.FromSeconds(10)},
services.AddSession(options =>
{
// Set a short timeout for easy testing.
options.IdleTimeout = TimeSpan.FromMinutes(20);
options.Cookie.HttpOnly = true;
});
in HomeController called this function, not invoke SlidingSession or GlobalResponseFilters, will expired in 10 seconds. Is there any setting is wrong?
var helloRequest = new IsValidOAUser { ZGGH = "123" };
var response = Gateway.Send(helloRequest);
var httpReq = base.Request.ToRequest();
var sessionKey = SessionFeature.GetSessionKey(httpReq.GetSessionId());
var session = await httpReq.GetCacheClientAsync().GetAsync<IAuthSession>(sessionKey);
By HomeController I assume you mean a separate MVC controller you have setup? The response filter attribute will only be activated here when the user is interacting with services in your GYService class since that is what it is applied to. The use of GlobalResponseFiltersAsync will be applied to all Servicestack services. How are you declaring your HomeController? Are to using a ServiceStackController as a base class shown in the example in the documentation?
If you can provide a way for me to reproduce the issue in a GitHub repository, I can take a closer look.
Calling a service like from the server side will not fire a request/response filter as these are Internal Requests. Your GlobalResponseFilter should be firing since your Controller is inheriting from the ServiceStackController, however, since it is a response filter, it will only fire on the way out, so your ViewData will not be updated in that way, but the following response should reflect that your session expiry is sliding from the previous request.
I founded I changed the code like below, not Internal Requests, GlobalResponseFilter works. but I want only user view the page can extend the user session expire time, not to call other external request, is there any way?
var request = new Hello { Name = "abc" };
var client = new JsonServiceClient("http://localhost:5001/");
var response = client.Send<HelloResponse>(request);
This shouldn’t be required if users are hitting your controller when they view a page for example. If you can produce a minimal reproduction of what you have and share it on GitHub, I can take a look.