如何使ASP.Net Web API 2承载令牌无效?
[英]How do you invalidate an ASP.Net Web API 2 Bearer token?
问题描述
I would like to forcibly invalidate a Bearer Token that was issued by the default ApplicationOAuthProvider from the ASP.Net Web API2 project template. 
我想强制使ASP.Net Web API2项目模板中默认的ApplicationOAuthProvider发出的Bearer Token无效。
The project has the below code, which doesn't work for Bearer tokens. 该项目具有以下代码,该代码不适用于承载令牌。
Authentication.SignOut(CookieAuthenticationDefaults.AuthenticationType);
1 个解决方案
解决方案1
10 2013-11-17 15:28:49
There's nothing built in for that - you could build your own mechanism for it which typically involves something like a database check on each request. 没有内置的东西 - 你可以为它构建自己的机制,这通常涉及对每个请求进行数据库检查。
The other thing is, keep token lifetime short and use something like refresh tokens - see here: http://leastprivilege.com/2013/11/15/adding-refresh-tokens-to-a-web-api-v2-authorization-server/ 另一件事是,保持令牌生命周期短,并使用类似刷新令牌的东西 - 请参阅此处: http : //leastprivilege.com/2013/11/15/adding-refresh-tokens-to-a-web-api-v2-authorization -服务器/
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.