How to set the UserTokenProvider token expiration

We're working on a new ASP.NET MVC 4.1 app. We're hooking up the ASP.NET Identity stuff, and we're struggling with tokens for password reset and new invite. I can't seem to find a way to set the expiration time for the tokens that are generated, and it seems to be set at around 10 mins by default. We're using a EmailTokenProvider as the user token provider, because it seems to work well with the security stamp on the user.

How can we set the expiration for the tokens - ideally we'd like to set it differently for the invite Vs the reset password tokens.

Our user manager looks like this:

var manager = new UserManager<User, long>(new UserStore(new UserRepository()));
manager.UserValidator = new UserValidator<User, long>(manager) {AllowOnlyAlphanumericUserNames = false, RequireUniqueEmail = true};
manager.UserTokenProvider = new EmailTokenProvider<User, long>();

When a user requests a reset password link we call

var token = await _userManager.GeneratePasswordResetTokenAsync(user.Id); to get the token, and pass that on to the user.

When a user is invited, we call:

var token = await _userManager.GenerateUserTokenAsync("FirstLogin", user.Id);

to get the token, and send.


2.0中的令牌提供程序的默认实现不允许您更改令牌过期,这是我们正在考虑的身份3.0的事情。


If I understand your question well, following could help:

    private static string CalculateToken(User user)
    {
        byte[] time = BitConverter.GetBytes(DateTime.UtcNow.ToBinary());
        byte[] key = BitConverter.GetBytes(user.ID);
        string token = Convert.ToBase64String(time.Concat(key).ToArray());
        return token;
    }

And then:

   DateTime time = DateTime.FromBinary(BitConverter.ToInt64(data, 0));
   int id = BitConverter.ToInt32(data, 8);

   if (time< DateTime.UtcNow.AddMinutes(-10) || user.ID != id)
            {
                //too old or IDs not matching
            }
链接地址: http://www.djcxy.com/p/22926.html

上一篇: 为什么Sempaphores在Linux中受到限制

下一篇: 如何设置UserTokenProvider令牌到期