This project has moved. For the latest updates, please go here.

Can you configure OWIN Cookie Authentication to prevent certain URLs from affecting sliding expiration?

Apr 1, 2015 at 8:39 PM
Edited Apr 1, 2015 at 8:42 PM
We have an ASP.NET MVC 5 app using Cookie Authentication with a sliding expiration. On the client, we have a script that polls a web service every minute for notifications. We would like to prevent that web service call from causing the auth token expiration to slide forward. Is there any built-in way to do that?

I also was considering implementing my own custom sliding expiration method in an OnValidateIdentity handler, but setting ExpiresUtc in that method doesn't appear to actually affect the token's expiration date. Am I missing something?
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    Provider = new CookieAuthenticationProvider
    {
        OnValidateIdentity = cookieValidateIdentityContext =>
        {
            cookieValidateIdentityContext.Properties.ExpiresUtc = DateTime.UtcNow.AddMinutes(-1);
            return Task.FromResult(0);
        }
    },

    AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
    AuthenticationMode = AuthenticationMode.Active,
    LoginPath = new PathString("/"),
    SlidingExpiration = false,
    LogoutPath = new PathString("/Sessions/Logout")
});
Jun 24, 2015 at 11:54 AM
Edited Jun 24, 2015 at 11:57 AM