如何在服务器上使不记名令牌无效
[英]How to invalidate bearer token at server
问题描述
I save all of the generated bearer tokens into a database at sign-in time.
我在登录时将所有生成的不记名令牌保存到数据库中。 Now I want to check if the request bearer does not exists in database, reject it.现在我想检查数据库中是否不存在请求承载,拒绝它。 Where should I put it?我应该把它放在哪里?
Note that I want this to happen in the Owin pipeline.请注意,我希望这发生在 Owin 管道中。 ( Not in the webapi pipeline. For example inside the [Authorize] attribute) (不在webapi 管道中。例如在[Authorize]属性中)
1 个解决方案
解决方案1
2 已采纳 2016-02-09 16:03:43
Inherit from OAuthBearerAuthenticationProvider like this :像这样从OAuthBearerAuthenticationProvider继承:
public class ApplicationOAuthBearerAuthenticationProvider : OAuthBearerAuthenticationProvider
{
public override Task ValidateIdentity(OAuthValidateIdentityContext context)
{
var result= base.ValidateIdentity(context);
if (context.IsValidated )
{
var ticket = context.Ticket;
if (ticket != null && ticket.Identity.IsAuthenticated && ticket.Properties.ExpiresUtc > DateTime.UtcNow)
{
if (1==2)//TODO: put your server side condition here
{
context.SetError("HaHa!");
}
}
}
return result;
}
}
and use it in your startup.cs class like this :并在您的startup.cs类中使用它,如下所示:
public partial class Startup
{
public void Configuration(IAppBuilder app)
{
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions
{
Provider = new ApplicationOAuthBearerAuthenticationProvider(),
});
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.