Enabling authentication on a container app introduces a cookie to the browser with which the user can proceed through the authentication middleware to the application. This cookie has a session which is maintained on the authentication middleware, with a lifetime of 8 hours. Is there a way to extend this session lifetime?

Hi Milorad, Please see below sample code for 60 days duration that you can try in test environment. I recommend you have all your authentication and identity provider settings backed up in separate file in case you run into a problem and need to re-configure manually. In my tests the sample didn't cause any issues with existing auth config, however, I didn't perform extensive testing. $containerAppName = "mycontainerapp" $resourceGroupName = "myresourcegroup" $cookieTTL = "60.00:00:00" $authConfig = Get-AzContainerAppAuthConfig -AuthConfigName current -ContainerAppName $containerAppName -ResourceGroupName $resourceGroupName $params = @{AuthConfigName="current";ContainerAppName=$containerAppName;ResourceGroupName=$resourceGroupName;CookieExpirationConvention="FixedTime";CookieExpirationTimeToExpiration=$cookieTTL} $authProps = @("ForwardProxyConvention","ForwardProxyCustomHostHeaderName","ForwardProxyCustomProtoHeaderName","GlobalValidationExcludedPath","GlobalValidationRedirectToProvider","GlobalValidationUnauthenticatedClientAction","HttpSettingRequireHttps","IdentityProvider","LoginAllowedExternalRedirectUrl","LoginPreserveUrlFragmentsForLogin","NonceExpirationInterval","NonceValidateNonce","PlatformEnabled","PlatformRuntimeVersion","RouteApiPrefix","RouteLogoutEndpoint") $authProps|ForEach-Object -Process {if ($authConfig.$_ -ne $null) {$params.Add($_.ToString(),$authConfig.$_)}} New-AzContainerAppAuthConfig @params Please click Accept Answer and upvote if above was helpful. Thanks. -TP

Extending authentication session on Azure container app

Accepted answer

TP 82,656 Reputation points

2023-10-18T03:01:53.6233333+00:00
Hi Milorad,

Please see below sample code for 60 days duration that you can try in test environment. I recommend you have all your authentication and identity provider settings backed up in separate file in case you run into a problem and need to re-configure manually.

In my tests the sample didn't cause any issues with existing auth config, however, I didn't perform extensive testing.

$containerAppName = "mycontainerapp" $resourceGroupName = "myresourcegroup" $cookieTTL = "60.00:00:00" $authConfig = Get-AzContainerAppAuthConfig -AuthConfigName current -ContainerAppName $containerAppName -ResourceGroupName $resourceGroupName $params = @{AuthConfigName="current";ContainerAppName=$containerAppName;ResourceGroupName=$resourceGroupName;CookieExpirationConvention="FixedTime";CookieExpirationTimeToExpiration=$cookieTTL} $authProps = @("ForwardProxyConvention","ForwardProxyCustomHostHeaderName","ForwardProxyCustomProtoHeaderName","GlobalValidationExcludedPath","GlobalValidationRedirectToProvider","GlobalValidationUnauthenticatedClientAction","HttpSettingRequireHttps","IdentityProvider","LoginAllowedExternalRedirectUrl","LoginPreserveUrlFragmentsForLogin","NonceExpirationInterval","NonceValidateNonce","PlatformEnabled","PlatformRuntimeVersion","RouteApiPrefix","RouteLogoutEndpoint") $authProps|ForEach-Object -Process {if ($authConfig.$_ -ne $null) {$params.Add($_.ToString(),$authConfig.$_)}} New-AzContainerAppAuthConfig @params

Please click Accept Answer and upvote if above was helpful.

Thanks.

-TP
Please sign in to rate this answer.

1 person found this answer helpful.
Milorad Savcic 71 Reputation points

2023-10-18T08:28:41.6133333+00:00

Thank you for the answer! This made me take a second look at bicep template for container apps and there is a section there which targets the exact properties you have mentioned, I will do it via bicep, leaving the link here for anyone who might want to do the same:

https://video2.skills-academy.com/en-us/azure/templates/microsoft.app/containerapps/authconfigs?pivots=deployment-language-bicep#cookieexpiration

Milorad Savcic 71 Reputation points

2023-10-18T08:33:07.77+00:00

Just to make it more clear this would mean that after a fixed period of 60 days the user would need to reauthenticate.

Is there a way to have a rolling authentication session? (e.g. as long as user is active he is authenticated, and reauthentication is needed only after a period of inactivity - 7 days for example)

Milorad Savcic 71 Reputation points

2023-10-18T08:41:24.8233333+00:00

~~Is there a way to have a rolling window? (e.g. user needs to reauthenticate only after a longer period of inactivity - 7 days for example)~~

~~Setting up with fixed time means that the user must reauthenticate after 60 days, regardless of usage of application.
~~
IGNORE

Milorad Savcic 71 Reputation points

2024-04-15T13:27:28.4666667+00:00

I have an additional issue connected to this, could I get your take?

https://video2.skills-academy.com/en-us/answers/questions/1656057/user-forced-to-reauthenticate-after-browser-close
Sign in to comment

Share via

Extending authentication session on Azure container app

0 additional answers