如何在Web API中强制使用无效承载令牌? [英] How to force Invalid Bearer token in web api?

问题描述

我必须在网络api中删除90多个用户.我正在使用Web API 2个人帐户.但是删除此用户后，他们仍然可以使用我的Web-api，因为访问令牌已缓存在某处.如何预防呢?

I had to delete over 90 users in my web api. I am using web api 2 individual account. But after deleting this users, they still can use my web-api, because access token are cached somewhere. How to prevent that?

推荐答案

因为令牌存储在客户端而不是服务器上，所以您不能手动使令牌无效.

because tokens are stored on the client and not on the server, u can't manually invalid token.

但我发现了三种解决方案:
1日-等待令牌过期(14天，对我来说太长了)
2'-更改服务器上的日期，当我向服务器日期添加14天时，所有令牌都已过期(但是在生产服务器上，这是不可接受的)
3'rd-更改服务器上的机器密钥.

but i found three solutions:
1'st - Just wait until tokens expire (14 days, it was too long for me)
2'nd - changing the date on the server, when i add'ed 14 days to server date, All tokens expired (but on production server this was unacceptable)
3'rd - Changing machine key on server.

这篇关于如何在Web API中强制使用无效承载令牌?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！