[英]OAuth 2.0 How to validate token expiration date
I am using MVC Web API inside MVC project. 我在MVC项目中使用MVC Web API。 I used SimpleAuthorizationServerProvider to generate the token.
我使用SimpleAuthorizationServerProvider生成令牌。 and I used AuthorizeForAPI custom Attribute to valid the token.
并且我使用AuthorizeForAPI自定义属性来验证令牌。 Everything is working great.
一切都很好。 My question is how to validate token expiration date so if the the token has expired i will send a message from server tells the user that your token has been expired
我的问题是如何验证令牌的到期日期,以便令牌是否已过期,我将从服务器发送一条消息,通知用户您的令牌已过期
This how i generate the token 这是我生成令牌的方式
public class SimpleAuthorizationServerProvider : OAuthAuthorizationServerProvider
{
public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
context.Validated();
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });
var userManager = context.OwinContext.GetUserManager<ApplicationUserManager>();
ApplicationUser user = await userManager.FindAsync(context.UserName, context.Password);
if (user == null)
{
context.SetError("invalid_grant", "The user name or password is incorrect.");
return;
}
var identity = new ClaimsIdentity(context.Options.AuthenticationType);
identity.AddClaim(new Claim("sub", context.UserName));
identity.AddClaim(new Claim("role", "user"));
context.Validated(identity);
}
public override Task TokenEndpoint(OAuthTokenEndpointContext context)
{
foreach (KeyValuePair<string, string> property in context.Properties.Dictionary)
{
context.AdditionalResponseParameters.Add(property.Key, property.Value);
}
return Task.FromResult<object>(null);
}
}
And this how i valid the token 这就是我如何验证令牌的方式
public class AuthorizeForAPI : AuthorizeAttribute
{
public override void OnAuthorization(HttpActionContext actionContext)
{
string AccessTokenFromRequest = "";
if (actionContext.Request.Headers.Authorization != null)
{
// get the access token
AccessTokenFromRequest = actionContext.Request.Headers.Authorization.Parameter;
var user = HttpContext.Current.User.Identity;
if (!user.IsAuthenticated)
{
actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized, "Unauthorized user");
}
}
}
}
} }
using 使用
AccessTokenExpireTimeSpan = TimeSpan.FromDays(22), //22 day before expired
you can change it for minute , hours , etc in "timespan.from(this)" 您可以在“ timespan.from(this)”中将其更改为分钟,小时等。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.