编程语言
首页 > 编程语言> > C#OWIN安全性-设置到期令牌-始终具有默认值

C#OWIN安全性-设置到期令牌-始终具有默认值

作者:互联网

大家好,我目前有一个使用owin安全性的项目

当我尝试向/令牌发出请求时,得到了这个

enter image description here

在那里指定到期令牌为7199秒(2小时)

我一直在寻找该端点(路由),但没有喜欢它/没有为其设置令牌或找到将其设置为2小时的位置(在整个解决方案中查找)

我唯一发现的是与刷新令牌(但没有过期令牌)相对应的此类,但此令牌设置为14400,但是当我再次发出请求时,令牌始终保持在该值

namespace Conarch.Providers
{
    public class SimpleRefreshTokenProvider : IAuthenticationTokenProvider
    {

        public async Task CreateAsync(AuthenticationTokenCreateContext context)
        {
            var clientid = context.Ticket.Properties.Dictionary["as:client_id"];

            context.Ticket.Properties.ExpiresUtc = DateTime.UtcNow.AddMinutes(Convert.ToDouble(12000));

            if (string.IsNullOrEmpty(clientid))
            {
                return;
            }

            var refreshTokenId = Guid.NewGuid().ToString("n");

            using (AuthRepository _repo = new AuthRepository())
            {
                var refreshTokenLifeTime = context.OwinContext.Get<string>("as:clientRefreshTokenLifeTime"); 

                var token = new RefreshToken() 
                { 
                    Id = Helper.GetHash(refreshTokenId),
                    ClientId = clientid, 
                    Subject = context.Ticket.Identity.Name,
                    IssuedUtc = DateTime.UtcNow,
                    ExpiresUtc = DateTime.UtcNow.AddMinutes(Convert.ToDouble(refreshTokenLifeTime)) 
                };

                context.Ticket.Properties.IssuedUtc = token.IssuedUtc;
                context.Ticket.Properties.ExpiresUtc = token.ExpiresUtc;

                token.ProtectedTicket = context.SerializeTicket();

                var result = await _repo.AddRefreshToken(token);

                if (result)
                {
                    context.SetToken(refreshTokenId);
                }

            }
        }

        public async Task ReceiveAsync(AuthenticationTokenReceiveContext context)
        {

            var allowedOrigin = context.OwinContext.Get<string>("as:clientAllowedOrigin");
            context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { allowedOrigin });

            string hashedTokenId = Helper.GetHash(context.Token);

            using (AuthRepository _repo = new AuthRepository())
            {
                var refreshToken = await _repo.FindRefreshToken(hashedTokenId);

                if (refreshToken != null )
                {
                    //Get protectedTicket from refreshToken class
                    context.DeserializeTicket(refreshToken.ProtectedTicket);
                    var result = await _repo.RemoveRefreshToken(hashedTokenId);
                }
            }
        }

        public void Create(AuthenticationTokenCreateContext context)
        {
            throw new NotImplementedException();
        }

        public void Receive(AuthenticationTokenReceiveContext context)
        {
            throw new NotImplementedException();
        }

我的问题是:您在哪个位置设置此值,时间将如何增加?

非常感谢你

解决方法:

您必须在Web应用程序配置期间设置到期时间
用这个:

OAuthAuthorizationServerOptions OAuthServerOptions = new OAuthAuthorizationServerOptions()  
{  

    AllowInsecureHttp = true,  
    TokenEndpointPath = new PathString("/token"),  
    AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(30),  
    Provider = new AuthorizationServerProvider(),  
    RefreshTokenProvider = new RefreshTokenProvider()  
};

您可能会找到完整的文章here

标签:owin,asp-net-identity,oauth,asp-net,c
来源: https://codeday.me/bug/20191025/1925128.html