stackoom
  简体   繁体   中英

How do you invalidate an ASP.Net Web API 2 Bearer token?

 原文  2013-11-17 13:44:47       asp.net-web-api/ asp.net-identity

Question

I would like to forcibly invalidate a Bearer Token that was issued by the default ApplicationOAuthProvider from the ASP.Net Web API2 project template.

The project has the below code, which doesn't work for Bearer tokens. 

Authentication.SignOut(CookieAuthenticationDefaults.AuthenticationType);

1 answers

solution1
 10  2013-11-17 15:28:49

There's nothing built in for that - you could build your own mechanism for it which typically involves something like a database check on each request.

The other thing is, keep token lifetime short and use something like refresh tokens - see here: http://leastprivilege.com/2013/11/15/adding-refresh-tokens-to-a-web-api-v2-authorization-server/

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to use bearer token with two asp.net web api How to revoke JWT Bearer Token in Asp.net Web API Bearer Token for angular in asp.net web api ASP.NET Web API 2 Bearer Token Authentication and Resources Authorization How to get user info from token after Bearer Token in asp.net web api Using RestSharp, how do I execute a POST request to my ASP.NET Web API with an oAuth2 Bearer token? How to handle the absence or expiration of bearer token in ASP.NET Web API How to consume ASP.NET Web API 2.0 with bearer token via a desktop/console application In ASP.Net Web API, how do you get LogonUserIdentity? asp.net MVC Web API - Log New Bearer Token sent to User
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM