 

ASP.NET Core automatic logout after user idle time

I am using .NET Core 2.0 with MVC and need to achieve the following: if the user stays idle for 15 minutes, I need to refresh and redirect to the login page. I use claims authentication. Here is what I have tried in Startup.cs:

services.ConfigureApplicationCookie(cookieOptions =>
{
    // Redirect targets used by the cookie handler. Each value equals the
    // ASP.NET Core default, so these lines only make the defaults explicit.
    cookieOptions.LoginPath = "/Account/Login";
    cookieOptions.LogoutPath = "/Account/Logout";
    cookieOptions.AccessDeniedPath = "/Account/AccessDenied";

    // Keep the authentication cookie unreadable from page script.
    // NOTE(review): Cookie.SecurePolicy is not set, so the framework default
    // applies; consider CookieSecurePolicy.Always when the site is HTTPS-only.
    cookieOptions.Cookie.HttpOnly = true;
    //cookieOptions.Cookie.Expiration = TimeSpan.FromDays(150);

    // Server-side lifetime of the authentication ticket (15 seconds here, a
    // test value). With sliding expiration the handler re-issues the cookie on
    // a request that arrives more than halfway through the window, so every
    // authenticated request, background AJAX included, counts as activity.
    // Expiry is enforced on the next request: an open page does not redirect
    // on its own, but an expired ticket is rejected whatever the browser does.
    cookieOptions.ExpireTimeSpan = TimeSpan.FromSeconds(15);
    cookieOptions.SlidingExpiration = true;
});

"options.ExpireTimeSpan = TimeSpan.FromSeconds(15);" is what I thought would log me out after 15 seconds (15 seconds is for testing purposes; the actual value is 15 minutes).

Here is my entire Startup class:

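/// <summary>
/// Application startup: registers services (Identity, cookie authentication,
/// MVC, typed settings) and builds the HTTP request pipeline.
/// </summary>
public class Startup
{
    public Startup(IConfiguration configuration)
    {
        Configuration = configuration;
    }

    public IConfiguration Configuration { get; }

    /// <summary>
    /// Called by the runtime to add services to the container.
    /// </summary>
    /// <param name="services">The service collection to populate.</param>
    /// <exception cref="InvalidOperationException">
    /// The "ApplicationSettings" configuration section cannot be bound.
    /// </exception>
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddDbContext<ApplicationDbContext>(options =>
            options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection")));

        services.AddIdentity<ApplicationUser, ApplicationRole>(config =>
        {
            // Accounts can sign in without confirming their e-mail address.
            config.SignIn.RequireConfirmedEmail = false;
        })
            .AddEntityFrameworkStores<ApplicationDbContext>()
            .AddDefaultTokenProviders();

        // AddIdentity already registers UserManager<ApplicationUser>; this
        // explicit registration is redundant and kept only for compatibility.
        services.AddScoped<UserManager<ApplicationUser>>();

        services.Configure<IdentityOptions>(options =>
        {
            // Password settings
            options.Password.RequireDigit = true;
            options.Password.RequiredLength = 8;
            options.Password.RequireNonAlphanumeric = false;
            options.Password.RequireUppercase = true;
            options.Password.RequireLowercase = false;
            options.Password.RequiredUniqueChars = 6;

            // Lockout settings: 10 failed attempts lock the account for 30 minutes.
            // NOTE(review): lockout only takes effect when the sign-in call passes
            // lockoutOnFailure: true; that call is not visible here, so confirm it.
            options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(30);
            options.Lockout.MaxFailedAccessAttempts = 10;
            options.Lockout.AllowedForNewUsers = true;

            // User settings
            options.User.RequireUniqueEmail = true;
        });

        services.ConfigureApplicationCookie(options =>
        {
            // Keep the authentication cookie unreadable from page script.
            // NOTE(review): Cookie.SecurePolicy is not set, so the framework
            // default applies; consider CookieSecurePolicy.Always when the site
            // is served over HTTPS only.
            options.Cookie.HttpOnly = true;
            //options.Cookie.Expiration = TimeSpan.FromDays(150);

            // Server-side lifetime of the authentication ticket. 15 seconds is a
            // test value; the stated target is 15 minutes. With SlidingExpiration
            // the handler re-issues the cookie on a request that arrives more than
            // halfway through the window, so every authenticated request,
            // background AJAX included, counts as activity. Expiry is enforced on
            // the next request; it does not make an open page redirect by itself.
            options.ExpireTimeSpan = TimeSpan.FromSeconds(15);
            options.SlidingExpiration = true;

            // Redirect targets; each value equals the ASP.NET Core default.
            options.LoginPath = "/Account/Login";
            options.LogoutPath = "/Account/Logout";
            options.AccessDeniedPath = "/Account/AccessDenied";
        });

        services.Configure<EmailSettings>(Configuration.GetSection("EmailSettings"));

        // Add application services.
        services.AddTransient<IEmailSender, EmailSender>();

        // Common services
        services.AddTransient<CommonService, CommonService>();

        // Serialize JSON with Json.NET's DefaultContractResolver rather than the
        // resolver MVC configures by default.
        services.AddMvc()
            .AddJsonOptions(options =>
                options.SerializerSettings.ContractResolver = new DefaultContractResolver());

        services.Configure<AppSettings>(Configuration.GetSection("ApplicationSettings"));

        // Add Kendo UI services to the services container
        services.AddKendo();

        // Typed settings sections: date format, templates, themes, title,
        // Google reCaptcha, captcha threshold, physical examination.
        services.Configure<DateSettings>(Configuration.GetSection("DateSettings"));
        services.Configure<Templates>(Configuration.GetSection("Templates"));
        services.Configure<ThemeSettings>(Configuration.GetSection("ThemeSettings"));
        services.Configure<TitleSettings>(Configuration.GetSection("TitleSettings"));
        services.Configure<GoogleReCaptcha>(Configuration.GetSection("GoogleReCaptcha"));
        services.Configure<LoginAttemptsToCaptcha>(Configuration.GetSection("LoginAttemptsToCaptcha"));
        services.Configure<PhysicalExamination>(Configuration.GetSection("PhysicalExamination"));

        // Reset-password token lifetime, read from ApplicationSettings.
        // Get<T>() returns null when the section cannot be bound; fail here with
        // a clear message instead of a NullReferenceException raised later from
        // inside the options callback.
        var appSettings = Configuration.GetSection("ApplicationSettings").Get<AppSettings>();
        if (appSettings == null)
        {
            throw new InvalidOperationException(
                "Configuration section 'ApplicationSettings' is missing or empty.");
        }

        services.Configure<DataProtectionTokenProviderOptions>(options =>
        {
            // ResetPasswordExpiryTime is interpreted as minutes.
            options.TokenLifespan = TimeSpan.FromMinutes(appSettings.ResetPasswordExpiryTime);
        });

        // Session-based idle timeout, left disabled:
        //services.AddMvc().AddSessionStateTempDataProvider();
        //services.AddSession();
        //services.AddSession(options =>
        //{
        //    options.IdleTimeout = TimeSpan.FromSeconds(10);
        //});
    }

    /// <summary>
    /// Called by the runtime to configure the HTTP request pipeline. Also applies
    /// pending migrations and seeds data before the MVC routes are registered.
    /// </summary>
    public void Configure(IApplicationBuilder app,
        IHostingEnvironment env,
        UserManager<ApplicationUser> userManager,
        RoleManager<ApplicationRole> roleManager, ApplicationDbContext context)
    {
        //app.UseMiddleware<AuthenticationMiddleware>();
        //app.UseMiddleware<ErrorHandlingMiddleware>();

        // NOTE(review): this project-defined middleware is registered before
        // UseAuthentication, so on the way in it runs before the cookie handler
        // has populated HttpContext.User. Confirm that ordering is intended.
        app.UseAuthenticationMiddleware();

        // No exception-handling middleware is registered in any environment; the
        // original development/production branches contained only disabled calls
        // (UseDeveloperExceptionPage, UseDatabaseErrorPage, UseExceptionHandler).

        // Static files are served before authentication runs, i.e. without an
        // authenticated user.
        app.UseStaticFiles();

        app.UseAuthentication();

        using (var serviceScope = app.ApplicationServices.GetRequiredService<IServiceScopeFactory>().CreateScope())
        {
            // Resolve the scoped context once; repeated resolution inside one
            // scope returns the same instance.
            var scopedContext = serviceScope.ServiceProvider.GetRequiredService<ApplicationDbContext>();

            if (!scopedContext.AllMigrationsApplied())
            {
                scopedContext.Database.Migrate();
            }

            // Admin seeding uses the instances injected into Configure, not the
            // ones from the scope created above.
            AppIdentityDataInitializer.SeedAdminUser(userManager, roleManager, context);
            scopedContext.EnsureSeeded();
        }

        app.UseMvc(routes =>
        {
            routes.MapRoute(
                name: "default",
                template: "{controller=Home}/{action=Index}/{id?}");
        });

        // Configure Kendo UI
        //app.UseKendo(env);

        //app.UseSession();
    }
}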

Can anyone help me achieve this?

Sam Daniel Avatar asked Nov 08 '22 01:11

Sam Daniel


1 Answers

If you want the page to log the user out automatically while idle, you have to add some JavaScript. Its purpose is to track the idle time and, if it is longer than 15 seconds, perform the logout action. The simplest way is to redirect to the logout action; a fancier way is to call logout via AJAX and show a login modal in response. The cookie setup can be tweaked to be valid for longer than 15 seconds. Imagine that you would like to have pages where the idle time could be longer; by setting it strictly in the cookie you cannot achieve that.

buniek Avatar answered Nov 11 '22 14:11

buniek