在oauth bearer-token中为每个用户生成一个令牌 [英] Generate one token per user in oauth bearer-token

问题描述

嗨

i创建asp.net web api项目并使用bearer token进行用户授权

问题是发送时

hi
i create asp.net web api project and use bearer token for user authorization
problem is when send

username=xxxx&password=xxxx&grant_type=password

到http：//地址/令牌它可以为每个用户生成多个令牌。

i想要为每个用户生成一个令牌我该怎么办？这个??



我尝试了什么：



i send username = xxxx& password = xxxx& grant_type =密码作为请求，作为http：//地址/令牌多次请求的主体，它为单个用户生成多个令牌

to http://address/Token it can generate more than one token for each user.
i want to generate one token per user how can i do this??

What I have tried:

i send username=xxxx&password=xxxx&grant_type=password as request as body of request to http://address/Token multiple time and it generate multiple token for single user

推荐答案

它将为每个用户会话创建不同的令牌。这就像一次性用户令牌。

你可以做的是：

1.拨打http：// address / Token以及username = xxxx& password = xxxx& grant_type =密码作为正文请求。

2.在本地存储收到的令牌（如果使用服务器技术，则在会话变量中;如果使用SPA应用程序，则在本地存储中）。

3.在授权属性中发送令牌以及下一个请求。

4.用户注销后从会话中删除令牌。

5.用户被认为已登录，直到用户有一次性令牌为止。



注意：登录一次并使用令牌连续请求。





注意：如果您使用的是IIS中共享相同用户令牌的两个以上的应用程序。然后在IIS App Pool中为两个应用程序创建机器密钥。

It will create different token for each user session. This is like a one-time user token.
What you can do is:
1. Call "http://address/Token" along with username=xxxx&password=xxxx&grant_type=password as request as body.
2. Store the received token locally(in session variable if using server technologies or local storage if using SPA application).
3. Send the token in Authorization property along with the next requests.
4. Once the user logs out delete the token from the session.
5. The user is considered logged-in till the user has the one-time token with him.

Note: Log-In once and use the token for consecutive requests.


Note: If you are using more then two applications sharing the same user-token in the IIS. Then make the machine-key in the IIS App Pool for both the applications same.

这篇关于在oauth bearer-token中为每个用户生成一个令牌的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！