Trying to understand B2C authentication with Web App and session management
I have a web application (.net5, razor) that's using Azure B2C to authenticate users.
So a user opens the application, goes through B2C to authenticate and they are now signed in. I have set the custom policies up so that for all users their session lasts 30 mins on a rolling basis:
```xml
<UserJourneyBehaviors>
  <SingleSignOn Scope="Tenant" />
  <SessionExpiryType>Rolling</SessionExpiryType>
  <SessionExpiryInSeconds>1800</SessionExpiryInSeconds>
</UserJourneyBehaviors>
```
What I'm trying to understand is what events cause the session to be increased?
Is this on any page loads (which are just within the application and don't go via B2C), or is it only when the user is passed through B2C and back to the application?
I don't want the user to be asked to re-authenticate every 30 minutes just because they've stayed on pages which are all within the application. If this is the case, do I need to pass the user through B2C on every page load?
Solution 1:[1]
Session lifetime gets increased after each successful authentication. Once it has expired you won't get signed out of your application but you will need to re-authenticate to Azure B2C. You can keep the user signed in by configuring KeepAliveInDays.
We recommend that you set the value of SessionExpiryInSeconds to be a short period (1200 seconds), while the value of KeepAliveInDays can be set to a relatively long period (30 days).
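Where the two settings from the answer sit in a custom policy, as an added example that is not part of the original answer: KeepAliveInDays is an attribute of the SingleSignOn element, and it applies to users who tick the "Keep me signed in" checkbox, which the local sign-in technical profile has to enable. The technical profile Id below is the one used by the B2C custom policy starter pack and is an assumption about this policy; the values are the ones quoted in the answer.

```xml
<!-- Relying party policy: short B2C web session, long keep-alive (KMSI) window.
     Replaces the UserJourneyBehaviors block from the question. -->
<UserJourneyBehaviors>
  <!-- KeepAliveInDays="0" would turn "Keep me signed in" off -->
  <SingleSignOn Scope="Tenant" KeepAliveInDays="30" />
  <!-- Rolling: the lifetime is extended only when the user is sent through
       B2C again; page loads that stay inside the web app do not touch it -->
  <SessionExpiryType>Rolling</SessionExpiryType>
  <SessionExpiryInSeconds>1200</SessionExpiryInSeconds>
</UserJourneyBehaviors>

<!-- Extensions policy: show the "Keep me signed in" checkbox on the local
     account sign-in page. The Id is assumed from the starter pack; use the
     Id of the sign-in technical profile in your own policy. -->
<ClaimsProvider>
  <DisplayName>Local Account</DisplayName>
  <TechnicalProfiles>
    <TechnicalProfile Id="SelfAsserted-LocalAccountSignin-Email">
      <Metadata>
        <Item Key="setting.enableRememberMe">True</Item>
      </Metadata>
    </TechnicalProfile>
  </TechnicalProfiles>
</ClaimsProvider>
```

A 30-day keep-alive leaves a persistent sign-in on whatever browser the user ticked the box in, so shared or unmanaged devices stay signed in to B2C for that whole window unless the user signs out.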
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
Solution | Source |
---|---|
Solution 1 | AlfredoRevilla-MSFT |