AddDefaultTokenProviders:它是什么以及如何使用那些“默认提供者"? [英] AddDefaultTokenProviders: what is it and how to use those "default providers"?

问题描述

我在默认Visual Studio 2015 ASP.NET 5项目的ConfigureServices中的Startup.cs文件中找到了此文件:

I found this in my Startup.cs file in ConfigureServices in a default Visual Studio 2015 ASP.NET 5 project:

services.AddIdentity<ApplicationUser, IdentityRole>()
                .AddEntityFrameworkStores<AuthorizationDbContext>()
                .AddDefaultTokenProviders();

它到底是做什么的，以及如何使用那些默认提供程序"?是否为我配置了所有基于令牌的身份验证?我在哪里可以了解到更多信息?

What does it exactly do, and how to use those "default providers"? Does it configure all token-based authentication for me? Where can I read more about it?

推荐答案

尽管令牌提供者的名称与令牌身份验证无关，但它们仅用于生成不透明的令牌，用于帐户操作(如密码重置或电子邮件更改) )和两因素身份验证.

Despite their name, the token providers have nothing to do with token authentication: they are exclusively used to generate opaque tokens for account operations (like password reset or email change) and two-factor authentication.

当前有3个内置提供程序:

There are currently 3 built-in providers:

• DataProtectorTokenProvider :顾名思义，它使用数据保护块(ASP.NET Core 1.0中的机器密钥等效)来序列化加密令牌，这些令牌随后可以由服务器反序列化.

• DataProtectorTokenProvider: as the name suggests, it uses the data protection block (machine keys' equivalent in ASP.NET Core 1.0) to serialize encrypted tokens that can later be deserialized by the server.

EmailTokenProvider 和 PhoneNumberTokenProvider :这些提供程序来自 TotpSecurityStampBasedTokenProvider ，它实现了Time-based One-time Password Algorithm(TOTP)，该协议旨在产生易于使用的简短令牌，可以通过SMS或电子邮件发送.

EmailTokenProvider and PhoneNumberTokenProvider: these providers are derived from TotpSecurityStampBasedTokenProvider, which implements the Time-based One-time Password Algorithm (TOTP), a protocol designed to produce user-friendly and short tokens that can be sent in a SMS or in an email.

ASP.NET Core 1.0不提供本机令牌身份验证支持(仅支持令牌验证:您无法生成自己的令牌).您可以阅读这些SO帖子以获取更多信息:

ASP.NET Core 1.0 doesn't offer native token authentication support (only token validation is supported: you can't produce your own tokens). You can read these SO posts for more information:

• ASP.NET Core 1.0 Web API中的简单JWT身份验证.
• ASP.NET 5中的Web API身份验证.
• 配置授权服务器端点.

• Simple JWT authentication in ASP.NET Core 1.0 Web API.
• Web API Authentication in ASP.NET 5.
• Configure the authorization server endpoint.

这篇关于AddDefaultTokenProviders:它是什么以及如何使用那些“默认提供者"?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！