What is the difference between using AuthenticationManager SignIn as opposed to using SignInManager PasswordSignIn/SignIn? I have an implementation using the SignInManager and have my cookie expiration set to 30 days however it seems my web app will randomly expire my cookies far before 30 days. Would using the SignInManager implementation be the cause of this? Should I be using the AuthenticationManager implementation instead?
The out of the box example code shows sign in like this, but I’ve also seen other examples that use AuthenticationManager implementation.
var result = await SignInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, shouldLockout: false);
Here is my startup configuration.
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
ExpireTimeSpan = TimeSpan.FromDays(30),
LoginPath = new PathString("/signin"),
Provider = new CookieAuthenticationProvider
{
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<AppUserManager, AppUser>(
validateInterval: TimeSpan.FromMinutes(30),
regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
}
});
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(5));
app.UseTwoFactorRememberBrowserCookie(DefaultAuthenticationTypes.TwoFactorRememberBrowserCookie);
Answers:
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
Method 1
Before release of identity framework version 2.1.0, we have to write our own code in order to get results (SignInStatus) for Two-Factor authentication, account lockout, EmailToBeConfirmed etc. With the SignInManager, this has been simplified and we get SignInStatus with one line of code.
You can understand this checking following NuGet packages and compering two version.
Version 2.0.0: Install-Package Microsoft.AspNet.Identity.Samples -Version 2.0.0-beta1 -Pre
Version 2.1.0: Install-Package Microsoft.AspNet.Identity.Samples -Pre
AuthenticationManager.SignIn is the mechanism using behind the SignInManager in order to complete user signIn process, so that there isn’t any difference between AuthenticationManager.SignIn and SignInManager.PasswordSignIn/SignIn. We could explain SignInManager as a helper class to manage all types of authentication like PasswordSignIn/SignIn, SignInOrTwoFactor.
Therefore expiration of cookies not depend on the method you used for signIn as all configured in the CookieAuthenticationOptions of start up.
All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0