I am using ASP.Net Core and MS Identity, I try to understand why after each deployment the login users are logged out. I am running on a IIS 8.5
I have been trying the method in this thread (setting static machine key) ASP.NET Identity 2 relogin after deploy by generating static keys at the server level in IIS UI and adding the following to web.config of the website:
<system.web> <machineKey validationKey="XXX" decryptionKey="XXX" validation="SHA1" decryption="AES"/> </system.web>
However the problem remains:
But I also go this:
What can cause the user to be logged off? Any idea on how to avoid that?
(solution split into a separate answer following Chris comment)
I found a solution to keep the login status, it survives website stop/start, and an update of the website source folder:
public void ConfigureServices(IServiceCollection services) { services.AddDataProtection() // This helps surviving a restart: a same app will find back its keys. Just ensure to create the folder. .PersistKeysToFileSystem(new DirectoryInfo("\\MyFolder\\keys\\")) // This helps surviving a site update: each app has its own store, building the site creates a new app .SetApplicationName("MyWebsite") .SetDefaultKeyLifetime(TimeSpan.FromDays(90)); }
With these additional lines and the machine key set, the login data stays after site stop/start and IIS server restart, and if the site is rebuilt.
More information there: https://docs.microsoft.com/en-us/aspnet/core/security/data-protection/configuration/overview
More proposed by justserega: https://docs.microsoft.com/en-us/aspnet/core/host-and-deploy/iis/advanced?view=aspnetcore-6.0#data-protection
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With