如何在Web API中强制使用无效承载令牌? [英] How to force Invalid Bearer token in web api?
问题描述
我必须在网络api中删除90多个用户.我正在使用Web API 2个人帐户.但是删除此用户后,他们仍然可以使用我的Web-api,因为访问令牌已缓存在某处.如何预防呢?
I had to delete over 90 users in my web api. I am using web api 2 individual account. But after deleting this users, they still can use my web-api, because access token are cached somewhere. How to prevent that?
推荐答案
因为令牌存储在客户端而不是服务器上,所以您不能手动使令牌无效.
because tokens are stored on the client and not on the server, u can't manually invalid token.
但我发现了三种解决方案:
1日-等待令牌过期(14天,对我来说太长了)
2'-更改服务器上的日期,当我向服务器日期添加14天时,所有令牌都已过期(但是在生产服务器上,这是不可接受的)
3'rd-更改服务器上的机器密钥.
but i found three solutions:
1'st - Just wait until tokens expire (14 days, it was too long for me)
2'nd - changing the date on the server, when i add'ed 14 days to server date, All tokens expired (but on production server this was unacceptable)
3'rd - Changing machine key on server.
这篇关于如何在Web API中强制使用无效承载令牌?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!