I am using Owin's cookie authentication to logout users after a time period of inactivity. The thing is, I need to let the user know that their session expires in 'X' minutes.
How can I access the authentication cookie to get the time remaining? Is this even possible? Has anybody had to do something like this before?
It is possible. One way to do that would be to use the OnValidateIdentity callback, which is called every time the cookie is authenticated, which is every time a request is made to the web app (assuming active mode).
var options = new CookieAuthenticationOptions
{
// usual options such as LoginPath, for example, go here...
LoginPath = new PathString("/Account/Login"),
Provider = new CookieAuthenticationProvider
{
OnValidateIdentity = context =>
{
DateTimeOffset now = DateTimeOffset.UtcNow;
context.OwinContext.Request.Set<double>("time.Remaining",
context.Properties.ExpiresUtc.Value.Subtract(now).TotalSeconds);
return Task.FromResult<object>(null);
}
}
};
app.UseCookieAuthentication(options);
Here, I'm storing the seconds remaining in OWIN environment dictionary. You can use it from anywhere the dictionary is accessible and inform the user. For example, from an MVC controller, you can do something like this.
[Authorize]
public class HomeController : Controller
{
public ActionResult Index()
{
var secondsRemaining = (double)Request.GetOwinContext()
.Environment["time.Remaining"]);
// Do what you want to do with the secondsRemaining here...
return View();
}
}
