使用 Owin OpenIdConnect 中间件设置 .AspNet.Cookies 的过期时间或最长期限

我正在运行 此示例 创建多租户 Web 应用程序，该应用程序使用 AzureAD 与 Owin OpenIDConnect 中间件进行连接。用于在“我的客户端”和“我的服务器”之间进行身份验证的 .AspNet.Cookies 始终是会话 cookie。我想将其设置为 Max-Age 或到期日期。我尝试了几次修正但没有成功，例如，我尝试更改

ExpireTimeSpan

（参见下面的代码），但在我的浏览器 cookie 检查器中我仍然看到

Expiration/ Max-Age: Session

。

另外，为什么

SignOut

方法使用openidconnect和cookie作为身份验证类型，而

SignIn

方法仅使用openidconnect？

账户控制器

public void SignIn()
{
    HttpContext.GetOwinContext()
        .Authentication.Challenge(new AuthenticationProperties {RedirectUri = SettingsHelper.LoginRedirectRelativeUri},
            OpenIdConnectAuthenticationDefaults.AuthenticationType);

}
public void SignOut()
{
    HttpContext.GetOwinContext().Authentication.SignOut(
        new AuthenticationProperties { RedirectUri = SettingsHelper.LogoutRedirectRelativeUri,  },
        OpenIdConnectAuthenticationDefaults.AuthenticationType, CookieAuthenticationDefaults.AuthenticationType);
}

并在 Start.Auth.cs 中

public void ConfigureAuth(IAppBuilder app)
{
    app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

    app.UseCookieAuthentication(new CookieAuthenticationOptions()
    {
        ExpireTimeSpan = TimeSpan.FromHours(1),

    });

    app.UseOpenIdConnectAuthentication(
        new OpenIdConnectAuthenticationOptions
        {
            AuthenticationType = OpenIdConnectAuthenticationDefaults.AuthenticationType,
            ClientId = SettingsHelper.ClientId,
            Authority = SettingsHelper.Authority,

            TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters
            {
                  ValidateIssuer = false
            },

            Notifications = new OpenIdConnectAuthenticationNotifications()
            {
                // If there is a code in the OpenID Connect response, redeem it for an access token and refresh token, and store those away. 
                AuthorizationCodeReceived = (context) =>
                {
                    var code = context.Code;

                    ClientCredential credential = new ClientCredential(SettingsHelper.ClientId, SettingsHelper.AppKey);
                    string tenantID = context.AuthenticationTicket.Identity.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;
                    string signInUserId = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.NameIdentifier).Value;

                    AuthenticationContext authContext = new AuthenticationContext(string.Format("{0}/{1}", SettingsHelper.AuthorizationUri, tenantID), new ADALTokenCache(signInUserId));
                    AuthenticationResult result = authContext.AcquireTokenByAuthorizationCode(code, new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)), credential, SettingsHelper.AADGraphResourceId);

                    return Task.FromResult(0);
                },

                RedirectToIdentityProvider = (context) =>
                {
                    string appBaseUrl = context.Request.Scheme + "://" + context.Request.Host + context.Request.PathBase;
                    context.ProtocolMessage.RedirectUri = appBaseUrl + SettingsHelper.LoginRedirectRelativeUri;
                    context.ProtocolMessage.PostLogoutRedirectUri = appBaseUrl + SettingsHelper.LogoutRedirectRelativeUri;

                    return Task.FromResult(0);
                },

                AuthenticationFailed = (context) =>
                {
                    context.HandleResponse();
                    return Task.FromResult(0);
                }
            }
        });
}

app.UseCookieAuthentication(new CookieAuthenticationOptions()
{
    ExpireTimeSpan = TimeSpan.FromHours(1),

    Provider = new CookieAuthenticationProvider
    {
        OnResponseSignIn = c =>
        {
            // prevent cookie expiration from being set to "Session"
            c.Properties.IsPersistent = true;
        }
    }
});