
C# OWIN Security - set expiration token - always has default value

  •  3
  • Herman Andres Figueroa  ·  Tech community  ·  6 years ago

    Hello everyone, I currently have a project in which I use OWIN security.

    When I try to make a request to /token, I get this:


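    where the token expiration is specified as 7199 seconds (2 hours).

    I have not found where this value is set to 2 hours (I searched the whole solution).

    The only thing I found is this class, which corresponds to the refresh token (but not to the token expiration). This token is set to 14400, but when I make the request again, the token always stays at that value.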

    using System;
    using System.Threading.Tasks;
    using Microsoft.Owin.Security.Infrastructure;

    namespace Conarch.Providers
    {
        public class SimpleRefreshTokenProvider : IAuthenticationTokenProvider
        {
    
            public async Task CreateAsync(AuthenticationTokenCreateContext context)
            {
                var clientid = context.Ticket.Properties.Dictionary["as:client_id"];
    
                // Provisional expiry on the refresh-token ticket; overwritten below when a client id is present
                context.Ticket.Properties.ExpiresUtc = DateTime.UtcNow.AddMinutes(Convert.ToDouble(12000));
    
                if (string.IsNullOrEmpty(clientid))
                {
                    return;
                }
    
                var refreshTokenId = Guid.NewGuid().ToString("n");
    
                using (AuthRepository _repo = new AuthRepository())
                {
                    var refreshTokenLifeTime = context.OwinContext.Get<string>("as:clientRefreshTokenLifeTime"); 
    
                    var token = new RefreshToken() 
                    { 
                        Id = Helper.GetHash(refreshTokenId),
                        ClientId = clientid, 
                        Subject = context.Ticket.Identity.Name,
                        IssuedUtc = DateTime.UtcNow,
                        ExpiresUtc = DateTime.UtcNow.AddMinutes(Convert.ToDouble(refreshTokenLifeTime)) 
                    };
    
                    context.Ticket.Properties.IssuedUtc = token.IssuedUtc;
                    context.Ticket.Properties.ExpiresUtc = token.ExpiresUtc;
    
                    token.ProtectedTicket = context.SerializeTicket();
    
                    var result = await _repo.AddRefreshToken(token);
    
                    if (result)
                    {
                        context.SetToken(refreshTokenId);
                    }
    
                }
            }
    
            public async Task ReceiveAsync(AuthenticationTokenReceiveContext context)
            {
    
                var allowedOrigin = context.OwinContext.Get<string>("as:clientAllowedOrigin");
                context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { allowedOrigin });
    
                string hashedTokenId = Helper.GetHash(context.Token);
    
                using (AuthRepository _repo = new AuthRepository())
                {
                    var refreshToken = await _repo.FindRefreshToken(hashedTokenId);
    
                    if (refreshToken != null )
                    {
                        //Get protectedTicket from refreshToken class
                        context.DeserializeTicket(refreshToken.ProtectedTicket);
                        var result = await _repo.RemoveRefreshToken(hashedTokenId);
                    }
                }
            }
    
            public void Create(AuthenticationTokenCreateContext context)
            {
                throw new NotImplementedException();
            }
    
            public void Receive(AuthenticationTokenReceiveContext context)
            {
                throw new NotImplementedException();
            }
        }
    }

    My question is: where do you set this value? How can the time be increased?

    Thank you very much.

    1 answer  |  as of 6 years ago
  •  5
  •  Mohammad Nikravesh  ·  6 years ago

    You have to set the expiration time during the web application configuration:

    OAuthAuthorizationServerOptions OAuthServerOptions = new OAuthAuthorizationServerOptions()
    {
        // Permits the token endpoint to be served over plain HTTP
        AllowInsecureHttp = true,
        TokenEndpointPath = new PathString("/token"),
        // Access-token lifetime; reported as expires_in by /token
        AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(30),
        Provider = new AuthorizationServerProvider(),
        RefreshTokenProvider = new RefreshTokenProvider()
    };

    You can find the full article here.
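
The configuration from the answer placed in a complete OWIN `Startup` class, as an added example that is not code from the question, the answer, or the project. It reads the access-token lifetime from configuration, caps it, and allows plain HTTP only in debug builds. The appSettings key, the default and maximum lifetimes, and the assumption that `AuthorizationServerProvider` lives in the asker's `Conarch.Providers` namespace are all hypothetical.

```csharp
using System;
using System.Configuration;
using Conarch.Providers;          // asker's namespace; AuthorizationServerProvider assumed to live here
using Microsoft.Owin;
using Microsoft.Owin.Security.OAuth;
using Owin;

public class Startup
{
    // Hypothetical appSettings key and bounds, chosen for this example.
    private const string LifetimeKey = "as:accessTokenLifetimeMinutes";
    private static readonly TimeSpan DefaultLifetime = TimeSpan.FromMinutes(30);
    private static readonly TimeSpan MaxLifetime = TimeSpan.FromHours(2);

    public void Configuration(IAppBuilder app)
    {
        var options = new OAuthAuthorizationServerOptions
        {
            TokenEndpointPath = new PathString("/token"),
            // Access-token lifetime: this is what /token reports as expires_in.
            AccessTokenExpireTimeSpan = ReadAccessTokenLifetime(),
            Provider = new AuthorizationServerProvider(),
            // Refresh-token lifetime is set separately, inside this provider.
            RefreshTokenProvider = new SimpleRefreshTokenProvider(),
#if DEBUG
            AllowInsecureHttp = true   // plain HTTP only on a developer machine
#else
            AllowInsecureHttp = false  // bearer tokens must only travel over HTTPS
#endif
        };

        app.UseOAuthAuthorizationServer(options);
        app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
    }

    // Returns the configured lifetime, falling back to the default when the
    // setting is missing or malformed and capping it at MaxLifetime.
    private static TimeSpan ReadAccessTokenLifetime()
    {
        int minutes;
        string raw = ConfigurationManager.AppSettings[LifetimeKey];
        if (!int.TryParse(raw, out minutes) || minutes <= 0)
            return DefaultLifetime;
        var requested = TimeSpan.FromMinutes(minutes);
        return requested > MaxLifetime ? MaxLifetime : requested;
    }
}
```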